⚝ One Hat Cyber Team ⚝
Your IP: 216.73.216.19
Server IP: 178.33.27.10
Server: Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version: 8.2.11
Dir: ~/usr/local/apache/domlogs/
View File Name: contact.mysuits.app.error.log
[Mon Jun 10 18:18:56.318716 2024] [authz_core:error] [pid 32289:tid 140208980870912] [client 188.166.108.93:60048] AH01630: client denied by server configuration: /home/id/id/public_html/public/server-status [Mon Jun 10 18:19:10.346832 2024] [authz_core:error] [pid 32289:tid 140208854980352] [client 139.162.96.81:55540] AH01630: client denied by server configuration: /home/id/id/public_html/public/server-status [Tue Jun 11 00:23:00.599885 2024] [:error] [pid 32194:tid 140208871765760] [client 213.152.176.252:13733] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/dump.sql"] [unique_id "ZmdutCdI2fqhaYjz_UpmVAAAABU"] [Tue Jun 11 00:23:00.599921 2024] [:error] [pid 32289:tid 140208888551168] [client 213.152.176.252:36717] File does not exist: /home/id/id/public_html/public/wp-config.php [Tue Jun 11 00:23:00.601286 2024] [:error] [pid 32196:tid 140208913729280] [client 213.152.176.252:5019] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). 
String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/web.config"] [unique_id "ZmdutEY4dYEL0LX5XGyI8QAAAJA"] [Tue Jun 11 00:23:00.604919 2024] [:error] [pid 32196:tid 140208930514688] [client 213.152.176.252:9191] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/backup.sql"] [unique_id "ZmdutEY4dYEL0LX5XGyI8gAAAI4"] [Tue Jun 11 00:23:00.605981 2024] [:error] [pid 32195:tid 140209104226048] [client 213.152.176.252:24803] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/database.sql"] [unique_id "ZmdutHp0OB-BiMTbEu7S9wAAAEI"] [Tue Jun 11 00:23:00.609101 2024] [:error] [pid 32289:tid 140208871765760] [client 213.152.176.252:52413] File does not exist: /home/id/id/public_html/public/config.php [Tue Jun 11 00:23:00.614975 2024] [authz_host:error] [pid 32195:tid 140209121011456] [client 213.152.176.252:10791] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue Jun 11 00:23:00.614996 2024] [authz_core:error] [pid 32195:tid 140209121011456] [client 213.152.176.252:10791] AH01630: client denied by server configuration: /home/id/id/public_html/public/server-status [Tue Jun 11 00:23:00.713969 2024] [:error] [pid 32289:tid 140208997656320] [client 213.152.176.252:56347] File does not exist: /home/id/id/public_html/public/phpinfo.php [Tue Jun 11 00:23:00.718620 2024] [:error] [pid 32289:tid 140209104226048] [client 213.152.176.252:38985] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/etc/ssl/private/server.key"] [unique_id "ZmdutGspJDUUdilvjmuMiwAAAMI"] [Tue Jun 11 00:23:00.718955 2024] [:error] [pid 32289:tid 140209095833344] [client 213.152.176.252:28691] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/server.key"] [unique_id "ZmdutGspJDUUdilvjmuMjAAAAMM"] [Tue Jun 11 09:33:23.898005 2024] [:error] [pid 21047:tid 139986749851392] [client 213.232.87.228:32129] File does not exist: /home/id/id/public_html/public/wp-config.php [Tue Jun 11 09:33:23.904658 2024] [:error] [pid 18991:tid 139986707887872] [client 213.232.87.228:22759] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). 
String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/dump.sql"] [unique_id "Zmfvs_A1n_-UjJ4bxqKD9gAAAI4"] [Tue Jun 11 09:33:23.905080 2024] [:error] [pid 18991:tid 139986691102464] [client 213.232.87.228:6253] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/web.config"] [unique_id "Zmfvs_A1n_-UjJ4bxqKD9wAAAJA"] [Tue Jun 11 09:33:23.906261 2024] [:error] [pid 21047:tid 139986733065984] [client 213.232.87.228:10905] File does not exist: /home/id/id/public_html/public/config.php [Tue Jun 11 09:33:23.907977 2024] [:error] [pid 18990:tid 139986724673280] [client 213.232.87.228:9583] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/etc/ssl/private/server.key"] [unique_id "Zmfvs_jMKW4U6HmkXeiFXQAAAEw"] [Tue Jun 11 09:33:23.908290 2024] [authz_host:error] [pid 18989:tid 139986657531648] [client 213.232.87.228:31107] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue Jun 11 09:33:23.908299 2024] [authz_core:error] [pid 18989:tid 139986657531648] [client 213.232.87.228:31107] AH01630: client denied by server configuration: /home/id/id/public_html/public/server-status [Tue Jun 11 09:33:23.911738 2024] [:error] [pid 18991:tid 139986775029504] [client 213.232.87.228:16681] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/server.key"] [unique_id "Zmfvs_A1n_-UjJ4bxqKD_QAAAIY"] [Tue Jun 11 09:33:23.912597 2024] [:error] [pid 18989:tid 139986649138944] [client 213.232.87.228:15649] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/database.sql"] [unique_id "Zmfvs8gnQZmElrvYBddsewAAABU"] [Tue Jun 11 09:33:23.916166 2024] [:error] [pid 18990:tid 139986758244096] [client 213.232.87.228:7231] File does not exist: /home/id/id/public_html/public/phpinfo.php [Tue Jun 11 09:33:23.916792 2024] [:error] [pid 18990:tid 139986733065984] [client 213.232.87.228:3151] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). 
String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/backup.sql"] [unique_id "Zmfvs_jMKW4U6HmkXeiFYQAAAEs"] [Tue Jun 11 09:33:23.919061 2024] [:error] [pid 18991:tid 139986649138944] [client 213.232.87.228:28527] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "contact.mysuits.app"] [uri "/.svn/wc.db"] [unique_id "Zmfvs_A1n_-UjJ4bxqKEAAAAAJU"] [Thu Jun 13 16:12:36.592948 2024] [:error] [pid 3796:tid 140478238418688] [client 41.236.217.193:51407] [client 41.236.217.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hSB0VxJWbLgaRfke3FhtBpD2ltnSZH9iKqp79xeoIPYj5gljtYLpG5XlaAPJ6BoaIweBrJZwmQHDthRLM9NnlSpfV7QQpDIpKNGUlfaMoGO74M2nLz\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1718284264701}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "ZmrwRIx-g9wBZE9yKvzyUgAAAEc"] [Thu Jun 13 16:12:41.578852 2024] [:error] [pid 3796:tid 140478221633280] [client 41.236.217.193:51407] [client 41.236.217.193] ModSecurity: Access denied with code 403 (phase 2). 
Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hSB0VxJWbLgaRfke3FhtBpD2ltnSZH9iKqp79xeoIPYj5gljtYLpG5XlaAPJ6BoaIweBrJZwmQHDthRLM9NnlSpfV7QQpDIpKNGUlfaMoGO74M2nLz\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1718284264701}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "ZmrwSYx-g9wBZE9yKvzyUwAAAEk"] [Thu Jun 13 16:12:53.697967 2024] [:error] [pid 3796:tid 140478230025984] [client 41.236.217.193:51406] [client 41.236.217.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hSB0VxJWbLgaRfke3FhtBpD2ltnSZH9iKqp79xeoIPYj5gljtYLpG5XlaAPJ6BoaIweBrJZwmQHDthRLM9NnlSpfV7QQpDIpKNGUlfaMoGO74M2nLz\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1718284264701}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "ZmrwVYx-g9wBZE9yKvzyVAAAAEg"] [Thu Jun 13 16:13:31.004518 2024] [:error] [pid 3797:tid 140478162884352] [client 41.236.217.193:51434] [client 41.236.217.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. 
[file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hSB0VxJWbLgaRfke3FhtBpD2ltnSZH9iKqp79xeoIPYj5gljtYLpG5XlaAPJ6BoaIweBrJZwmQHDthRLM9NnlSpfV7QQpDIpKNGUlfaMoGO74M2nLz\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1718284264701}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "Zmrwe0th30W1Bu1_jW663wAAAJA"] [Thu Jun 13 16:13:31.004633 2024] [:error] [pid 3797:tid 140478162884352] [client 41.236.217.193:51434] [client 41.236.217.193] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "Zmrwe0th30W1Bu1_jW663wAAAJA"] [Thu Jun 13 16:13:31.004718 2024] [:error] [pid 3797:tid 140478162884352] [client 41.236.217.193:51434] [client 41.236.217.193] ModSecurity: Audit log: Failed to unlock global mutex: Invalid argument [hostname "contact.mysuits.app"] [uri "/vcard/63"] [unique_id "Zmrwe0th30W1Bu1_jW663wAAAJA"] [Fri Aug 09 00:53:26.879908 2024] [authz_core:error] [pid 5030:tid 140335086819072] [client 165.22.235.3:37426] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Aug 09 00:53:31.811188 2024] [authz_core:error] [pid 4768:tid 140335070033664] [client 142.93.0.66:57336] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Oct 07 12:31:32.092059 2024] [authz_core:error] [pid 5860:tid 140241688000256] [client 159.89.12.166:56842] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Oct 07 12:31:32.233211 2024] [authz_core:error] [pid 
5766:tid 140241780320000] [client 138.197.191.87:37398] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Oct 07 12:31:32.977943 2024] [authz_core:error] [pid 5767:tid 140241713178368] [client 138.68.86.32:53184] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Oct 07 12:31:33.031144 2024] [authz_core:error] [pid 5860:tid 140241771927296] [client 142.93.129.190:46668] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Dec 06 00:54:28.800212 2024] [authz_core:error] [pid 6160:tid 140177028593408] [client 139.59.132.8:46978] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Dec 06 00:54:29.064576 2024] [authz_core:error] [pid 6160:tid 140177087342336] [client 159.89.12.166:41000] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Dec 06 00:54:36.358466 2024] [authz_core:error] [pid 28737:tid 140177154483968] [client 134.209.25.199:35826] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Dec 06 00:54:39.625378 2024] [authz_core:error] [pid 28737:tid 140177179662080] [client 147.182.200.94:53840] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Sun Jan 19 07:32:47.027758 2025] [:error] [pid 2906:tid 139952529303296] [client 13.211.140.162:33412] Could not write to logfile: [Sun Jan 19 07:32:47.027799 2025] [:error] [pid 2906:tid 139952529303296] [client 13.211.140.162:33412] Printing message to stderr: [Sun Jan 19 07:32:47.027873 2025] [:error] [pid 2906:tid 139952529303296] [client 13.211.140.162:33412] [Sun Jan 19 07:32:47 2025] [info] Executing "/home/id/public_html/public/index.php" as UID 1004, GID 1004 [Sun Jan 19 07:32:47.027877 2025] [:error] [pid 2906:tid 139952529303296] [client 13.211.140.162:33412] [Sun Jan 19 08:12:49.663311 2025] [:error] [pid 
3151:tid 139952339756800] [client 51.81.46.212:39654] Could not write to logfile: [Sun Jan 19 08:12:49.663352 2025] [:error] [pid 3151:tid 139952339756800] [client 51.81.46.212:39654] Printing message to stderr: [Sun Jan 19 08:12:49.663427 2025] [:error] [pid 3151:tid 139952339756800] [client 51.81.46.212:39654] [Sun Jan 19 08:12:49 2025] [info] Executing "/home/id/public_html/public/index.php" as UID 1004, GID 1004 [Sun Jan 19 08:12:49.663430 2025] [:error] [pid 3151:tid 139952339756800] [client 51.81.46.212:39654] [Sun Jan 19 09:12:24.095882 2025] [:error] [pid 2904:tid 139952348149504] [client 13.211.140.162:33090] Could not write to logfile: [Sun Jan 19 09:12:24.095923 2025] [:error] [pid 2904:tid 139952348149504] [client 13.211.140.162:33090] Printing message to stderr: [Sun [Mon Feb 03 00:54:04.947069 2025] [authz_core:error] [pid 28978:tid 140587516794624] [client 157.245.36.108:52190] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Feb 03 00:54:05.156374 2025] [authz_core:error] [pid 28978:tid 140587466438400] [client 64.225.75.246:32950] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Feb 03 00:54:05.202499 2025] [authz_core:error] [pid 29369:tid 140587432867584] [client 134.209.25.199:53590] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Feb 03 00:54:05.575411 2025] [authz_core:error] [pid 29369:tid 140587516794624] [client 142.93.129.190:47596] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Feb 27 18:19:04.471390 2025] [authz_core:error] [pid 7959:tid 140634509719296] [client 15.207.117.77:39028] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Feb 27 18:19:05.194083 2025] [authz_core:error] [pid 7959:tid 140634644002560] [client 15.207.117.77:39028] AH01630: client denied by server configuration: 
/home/id/public_html/public/.htpasswd [Thu Apr 03 17:59:18.516608 2025] [authz_core:error] [pid 27997:tid 139738145048320] [client 157.230.19.140:43776] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 17:59:19.559188 2025] [authz_core:error] [pid 27998:tid 139738136655616] [client 159.89.12.166:49536] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 17:59:23.137431 2025] [authz_core:error] [pid 28515:tid 139738237368064] [client 209.38.248.17:46020] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 17:59:35.049449 2025] [authz_core:error] [pid 27998:tid 139738111477504] [client 164.92.244.132:35408] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 21:46:28.144810 2025] [authz_core:error] [pid 28515:tid 139738145048320] [client 206.189.2.13:48510] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 21:46:28.879045 2025] [authz_core:error] [pid 28515:tid 139738153441024] [client 143.244.168.161:53350] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 21:46:39.328406 2025] [authz_core:error] [pid 28515:tid 139738212189952] [client 165.227.173.41:60660] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Thu Apr 03 21:46:47.680840 2025] [authz_core:error] [pid 28515:tid 139738128262912] [client 138.68.82.23:60594] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 00:55:01.885019 2025] [authz_core:error] [pid 28515:tid 139738145048320] [client 207.154.212.47:44228] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 00:55:05.801670 2025] [authz_core:error] [pid 27998:tid 139738145048320] [client 139.59.132.8:48044] AH01630: 
client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 04:31:36.002730 2025] [authz_core:error] [pid 14413:tid 140207210829568] [client 147.182.200.94:59126] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 04:31:40.860101 2025] [authz_core:error] [pid 12839:tid 140207286363904] [client 146.190.63.248:47602] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 04:31:46.850421 2025] [authz_core:error] [pid 14413:tid 140207286363904] [client 64.226.65.160:51670] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 04:31:53.248717 2025] [authz_core:error] [pid 14413:tid 140207411160832] [client 64.226.65.160:49406] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 13:56:52.914514 2025] [authz_core:error] [pid 12839:tid 140207244400384] [client 138.68.144.227:59622] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 13:56:53.370197 2025] [authz_core:error] [pid 12839:tid 140207194044160] [client 157.230.19.140:52424] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 15:27:09.064492 2025] [authz_host:error] [pid 20876:tid 140207202436864] [client 109.202.99.46:2055] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Fri Apr 04 15:27:09.064521 2025] [authz_core:error] [pid 20876:tid 140207202436864] [client 109.202.99.46:2055] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 22:00:12.951666 2025] [authz_core:error] [pid 12839:tid 140207311542016] [client 209.38.248.17:34728] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri Apr 04 22:00:13.550876 2025] [authz_core:error] [pid 
14413:tid 140207286363904] [client 157.230.19.140:33304] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Sun Apr 06 01:19:51.082503 2025] [authz_host:error] [pid 22471:tid 139798803068672] [client 154.83.103.101:32980] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sun Apr 06 01:19:51.082522 2025] [authz_core:error] [pid 22471:tid 139798803068672] [client 154.83.103.101:32980] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Sun Apr 06 20:51:44.092554 2025] [authz_host:error] [pid 27361:tid 139995532687104] [client 154.83.103.101:39098] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sun Apr 06 20:51:44.092573 2025] [authz_core:error] [pid 27361:tid 139995532687104] [client 154.83.103.101:39098] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Tue Apr 08 03:52:47.187784 2025] [authz_host:error] [pid 15723:tid 140290123880192] [client 154.83.103.106:56414] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue Apr 08 03:52:47.187804 2025] [authz_core:error] [pid 15723:tid 140290123880192] [client 154.83.103.106:56414] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Tue Apr 08 15:37:32.188606 2025] [authz_host:error] [pid 15814:tid 140290048345856] [client 154.83.103.102:16204] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue Apr 08 15:37:32.188621 2025] [authz_core:error] [pid 15814:tid 140290048345856] [client 154.83.103.102:16204] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Wed Apr 09 00:01:57.713818 2025] [authz_host:error] [pid 13409:tid 140290023167744] [client 154.83.103.106:56604] AH01753: access check of 
'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Apr 09 00:01:57.713833 2025] [authz_core:error] [pid 13409:tid 140290023167744] [client 154.83.103.106:56604] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Sat Apr 26 19:28:53.237686 2025] [authz_host:error] [pid 10181:tid 139755870181120] [client 154.83.103.210:32044] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sat Apr 26 19:28:53.237700 2025] [authz_core:error] [pid 10181:tid 139755870181120] [client 154.83.103.210:32044] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Fri May 02 01:27:03.637648 2025] [core:error] [pid 12329:tid 140352467949312] [client 194.233.72.214:54018] Script timed out before returning headers: index.php [Sun May 04 06:12:45.577036 2025] [authz_host:error] [pid 18381:tid 140131075806976] [client 154.83.103.202:53810] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sun May 04 06:12:45.577059 2025] [authz_core:error] [pid 18381:tid 140131075806976] [client 154.83.103.202:53810] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Wed May 07 10:38:12.418263 2025] [authz_core:error] [pid 15210:tid 140162340210432] [client 154.83.103.202:22706] AH01630: client denied by server configuration: /home/id/public_html/public/.htaccess [Mon May 12 20:48:03.180728 2025] [authz_host:error] [pid 13335:tid 140205608642304] [client 154.83.103.115:21706] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Mon May 12 20:48:03.180749 2025] [authz_core:error] [pid 13335:tid 140205608642304] [client 154.83.103.115:21706] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Jun 02 00:55:08.252452 2025] [authz_core:error] [pid 19220:tid 
140151594333952] [client 139.59.143.102:36742] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Jun 02 00:55:08.653860 2025] [authz_core:error] [pid 12269:tid 140151611119360] [client 46.101.111.185:45802] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Jun 02 00:55:08.915538 2025] [authz_core:error] [pid 19220:tid 140151711831808] [client 157.230.19.140:58816] AH01630: client denied by server configuration: /home/id/public_html/public/server-status [Mon Jun 02 00:55:09.349504 2025] [authz_core:error] [pid 19220:tid 140151843489536] [client 167.71.175.236:57280] AH01630: client denied by server configuration: /home/id/public_html/public/server-status