Your IP : 216.73.216.189
[Thu Aug 04 10:55:36.925202 2022] [php:error] [pid 1446129] [client 151.49.194.8:59133] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(49): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Aug 04 10:56:26.352096 2022] [php:error] [pid 1446133] [client 151.49.194.8:59134] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(49): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Aug 04 12:05:58.061210 2022] [php:error] [pid 1446373] [client 151.49.194.8:59854] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Thu Aug 04 12:07:34.520079 2022] [authz_core:error] [pid 1446133] [client 37.186.153.120:18895] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 04 15:42:18.392670 2022] [authz_core:error] [pid 1448203] [client 37.186.153.120:31276] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 04 16:19:58.734938 2022] [authz_core:error] [pid 1449826] [client 37.186.153.120:43053] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 04 17:54:54.050562 2022] [authz_core:error] [pid 1449826] [client 37.186.153.120:50156] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 04 18:06:19.981036 2022] [authz_core:error] [pid 1450081] [client 37.186.153.120:59231] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 04 18:11:11.645112 2022] [authz_core:error] [pid 1450081] [client 37.186.153.120:48391] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 08:52:59.038750 2022] [authz_core:error] [pid 1455904] [client 37.186.153.120:52408] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 11:07:25.919871 2022] [authz_core:error] [pid 1452538] [client 37.186.153.120:41443] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 11:32:11.870868 2022] [authz_core:error] [pid 1452538] [client 37.186.153.120:51113] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 12:25:45.899286 2022] [authz_core:error] [pid 1457060] [client 37.186.153.120:60441] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 14:43:59.952034 2022] [authz_core:error] [pid 1457489] [client 37.186.153.120:51991] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 15:18:22.301067 2022] [authz_core:error] [pid 1459305] [client 37.186.153.120:27270] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 05 17:45:22.048639 2022] [authz_core:error] [pid 1461271] [client 37.186.153.120:53658] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 09:42:49.378295 2022] [authz_core:error] [pid 1479200] [client 37.186.153.120:53703] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 09:58:49.890021 2022] [authz_core:error] [pid 1480437] [client 37.186.153.120:30617] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 10:33:51.159407 2022] [authz_core:error] [pid 1480437] [client 37.186.153.120:25880] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 12:25:26.171825 2022] [authz_core:error] [pid 1477642] [client 37.186.153.120:26319] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 14:41:03.386614 2022] [authz_core:error] [pid 1482113] [client 10.99.15.51:54370] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 15:03:29.362422 2022] [authz_core:error] [pid 1482105] [client 10.99.15.51:54404] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 15:24:08.166507 2022] [authz_core:error] [pid 1482105] [client 10.99.15.51:54410] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 15:49:25.810823 2022] [authz_core:error] [pid 1482105] [client 10.99.15.51:54416] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 16:18:03.730832 2022] [authz_core:error] [pid 1484301] [client 10.99.15.51:54422] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 16:48:29.530907 2022] [authz_core:error] [pid 1484547] [client 10.99.15.51:54656] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 08 17:21:30.866178 2022] [authz_core:error] [pid 1485053] [client 10.99.15.51:55830] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 13:16:03.849927 2022] [authz_core:error] [pid 1490652] [client 10.99.15.51:56272] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 13:57:25.214869 2022] [authz_core:error] [pid 1490669] [client 10.99.15.51:56276] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 14:12:29.756198 2022] [authz_core:error] [pid 1487029] [client 10.99.15.51:56380] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 14:29:46.364786 2022] [authz_core:error] [pid 1492211] [client 10.99.15.51:56438] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 14:46:18.212730 2022] [authz_core:error] [pid 1490663] [client 10.99.15.51:56482] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 15:16:50.684742 2022] [authz_core:error] [pid 1490653] [client 10.99.15.51:56486] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 16:43:20.532645 2022] [authz_core:error] [pid 1492229] [client 10.99.15.51:56492] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 09 16:58:22.987185 2022] [authz_core:error] [pid 1490663] [client 10.99.15.51:56494] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 10 09:34:07.648899 2022] [authz_core:error] [pid 1495076] [client 10.99.15.51:56508] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 10 12:50:21.168996 2022] [authz_core:error] [pid 1495112] [client 10.99.15.51:56538] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 10 15:02:24.021588 2022] [authz_core:error] [pid 1495078] [client 10.99.15.51:56552] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 10 16:26:33.953981 2022] [authz_core:error] [pid 1495233] [client 10.99.15.51:56564] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 10 16:48:34.586791 2022] [authz_core:error] [pid 1497840] [client 10.99.15.51:56832] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 10:58:23.713929 2022] [php:error] [pid 1506394] [client 3.124.2.39:32986] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Aug 11 11:01:14.992041 2022] [authz_core:error] [pid 1503080] [client 10.99.15.51:57252] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 11:01:43.195929 2022] [php:error] [pid 1506394] [client 151.49.194.8:51528] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/admin_xd1yn7/admin/dashboard/index/key/baeacff41922070384cbc8ee9457f6115f3b915af77b9c513be246d70cbdb293/
[Thu Aug 11 11:03:32.875834 2022] [authz_core:error] [pid 1506394] [client 10.99.15.51:57266] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 11:09:42.094803 2022] [authz_core:error] [pid 1507463] [client 10.99.15.51:57322] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 11:26:52.047864 2022] [authz_core:error] [pid 1507463] [client 10.99.15.51:57362] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 11:42:47.347653 2022] [authz_core:error] [pid 1507935] [client 10.99.15.51:57404] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 11:58:14.305343 2022] [authz_core:error] [pid 1507959] [client 10.99.15.51:57428] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 12:14:42.322367 2022] [authz_core:error] [pid 1508089] [client 10.99.15.51:57450] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 12:15:59.930645 2022] [authz_core:error] [pid 1508093] [client 10.99.15.51:57468] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 12:16:31.639794 2022] [authz_core:error] [pid 1508283] [client 10.99.15.51:57480] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 12:17:45.526192 2022] [authz_core:error] [pid 1508134] [client 10.99.15.51:57498] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 12:18:06.384599 2022] [authz_core:error] [pid 1507959] [client 10.99.15.51:57506] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 14:06:54.002861 2022] [authz_core:error] [pid 1508367] [client 10.99.15.51:57526] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 11 15:09:30.069431 2022] [authz_core:error] [pid 1508341] [client 10.99.15.51:57546] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 12 15:08:45.896378 2022] [authz_core:error] [pid 1528483] [client 10.99.15.51:57614] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 12 16:13:41.588112 2022] [authz_core:error] [pid 1528715] [client 10.99.15.51:57622] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 12 17:30:07.301946 2022] [authz_core:error] [pid 1528485] [client 10.99.15.51:57630] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 12 17:38:24.316775 2022] [authz_core:error] [pid 1529356] [client 10.99.15.51:57652] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Aug 18 16:22:43.008754 2022] [authz_core:error] [pid 1570906] [client 10.99.15.51:58098] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 19 17:38:30.547304 2022] [php:error] [pid 1575173] [client 3.124.2.39:41446] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Aug 19 17:39:56.259569 2022] [authz_core:error] [pid 1575180] [client 10.99.15.51:58166] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 09:53:18.349457 2022] [authz_core:error] [pid 1597194] [client 10.99.15.51:58268] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 10:11:09.643658 2022] [authz_core:error] [pid 1600661] [client 10.99.15.51:58286] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 11:09:29.950665 2022] [authz_core:error] [pid 1600771] [client 10.99.15.51:58300] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 15:32:36.132966 2022] [php:error] [pid 1600771] [client 18.157.184.4:60794] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Mon Aug 22 15:36:17.678499 2022] [authz_core:error] [pid 1600632] [client 10.99.15.51:58484] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 16:04:29.830122 2022] [authz_core:error] [pid 1601097] [client 10.99.15.51:58490] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Aug 22 16:51:21.898220 2022] [authz_core:error] [pid 1600664] [client 10.99.15.51:58498] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 23 09:38:14.660602 2022] [authz_core:error] [pid 1636267] [client 10.99.15.51:58530] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 23 09:53:50.514319 2022] [authz_core:error] [pid 1636464] [client 10.99.15.51:58542] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 23 13:51:50.706476 2022] [authz_core:error] [pid 1637015] [client 10.99.15.51:58616] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 23 15:27:00.548291 2022] [authz_core:error] [pid 1637020] [client 10.99.15.51:58844] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Aug 23 15:44:36.456034 2022] [php:error] [pid 1637019] [client 151.31.151.125:52215] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/privacy-center/account/
[Tue Aug 23 15:44:45.529316 2022] [php:error] [pid 1639067] [client 151.31.151.125:52216] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/privacy-center/account/
[Tue Aug 23 15:44:55.899278 2022] [php:error] [pid 1639072] [client 151.31.151.125:52217] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/privacy-center/account/
[Tue Aug 23 15:44:59.288933 2022] [php:error] [pid 1637642] [client 151.31.151.125:52218] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/page_cache" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/customer/account/login/referer/aHR0cDovL21hZ2VudG8udGVzdC5pbmRhY28uc3RvcmUvcHJpdmFjeS1jZW50ZXIvYWNjb3VudC9jaGVjay8%2C/
[Thu Aug 25 09:22:23.632946 2022] [authz_core:error] [pid 1648723] [client 10.99.15.51:59822] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 26 09:24:27.590017 2022] [authz_core:error] [pid 1671740] [client 10.99.15.51:60868] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Aug 26 09:42:03.714882 2022] [authz_core:error] [pid 1656015] [client 10.99.15.51:60874] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Aug 31 12:14:48.801003 2022] [authz_core:error] [pid 1707888] [client 10.99.15.51:32858] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 02 15:36:59.855205 2022] [authz_core:error] [pid 1718565] [client 10.99.15.51:33626] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Sun Sep 04 21:45:01.162537 2022] [authz_core:error] [pid 1733174] [client 10.99.15.51:33906] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 05 10:39:09.655654 2022] [authz_core:error] [pid 1743623] [client 10.99.15.51:34362] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 05 14:53:31.190753 2022] [authz_core:error] [pid 1743619] [client 10.99.15.51:34586] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 05 15:51:38.924687 2022] [authz_core:error] [pid 1743612] [client 10.99.15.51:34590] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 10:01:38.974222 2022] [authz_core:error] [pid 1751525] [client 10.99.15.51:34624] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 11:01:49.859830 2022] [authz_core:error] [pid 1751525] [client 10.99.15.51:34652] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 11:16:51.990876 2022] [authz_core:error] [pid 1751989] [client 10.99.15.51:34660] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 11:39:41.841950 2022] [authz_core:error] [pid 1752012] [client 10.99.15.51:34724] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 11:59:41.576164 2022] [authz_core:error] [pid 1751723] [client 10.99.15.51:34728] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 06 12:39:52.065970 2022] [authz_core:error] [pid 1752003] [client 10.99.15.51:34766] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 07 12:26:17.815209 2022] [authz_core:error] [pid 1755346] [client 10.99.15.51:35722] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 07 15:06:06.160035 2022] [authz_core:error] [pid 1755358] [client 10.99.15.51:36068] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 07 15:22:23.509773 2022] [authz_core:error] [pid 1755345] [client 10.99.15.51:36136] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 10:03:25.915258 2022] [authz_core:error] [pid 1802301] [client 10.99.15.51:42436] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 10:18:36.489418 2022] [authz_core:error] [pid 1815530] [client 10.99.15.51:42630] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 10:39:32.332127 2022] [authz_core:error] [pid 1815422] [client 10.99.15.51:42718] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 10:50:05.980605 2022] [authz_core:error] [pid 1816205] [client 10.99.15.51:42886] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 10:52:55.247864 2022] [authz_core:error] [pid 1816478] [client 10.99.15.51:42908] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 12:04:46.672442 2022] [authz_core:error] [pid 1817325] [client 10.99.15.51:43718] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 13:03:25.419019 2022] [authz_core:error] [pid 1819135] [client 10.99.15.51:44850] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 14:03:16.828484 2022] [authz_core:error] [pid 1818553] [client 10.99.15.51:45556] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 09 15:20:48.395363 2022] [authz_core:error] [pid 1820676] [client 10.99.15.51:45726] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 12 14:36:06.898998 2022] [authz_core:error] [pid 1886836] [client 10.99.15.51:54982] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 12 17:12:50.278300 2022] [authz_core:error] [pid 1906634] [client 10.99.15.51:56076] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 09:23:02.244388 2022] [authz_core:error] [pid 1925653] [client 10.99.15.51:58192] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 09:38:13.426859 2022] [authz_core:error] [pid 1914768] [client 10.99.15.51:58324] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 09:53:17.339425 2022] [authz_core:error] [pid 1926046] [client 10.99.15.51:58536] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 14:49:54.286281 2022] [authz_core:error] [pid 1933307] [client 10.99.15.51:34510] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 15:17:29.202812 2022] [authz_core:error] [pid 1933502] [client 10.99.15.51:35826] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 16:06:56.866133 2022] [authz_core:error] [pid 1933587] [client 10.99.15.51:36432] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 16:53:28.646824 2022] [authz_core:error] [pid 1936085] [client 10.99.15.51:37534] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 17:09:18.106263 2022] [authz_core:error] [pid 1935220] [client 10.99.15.51:38326] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 13 17:43:51.337185 2022] [authz_core:error] [pid 1936085] [client 10.99.15.51:38788] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 14 15:22:48.527869 2022] [authz_core:error] [pid 1962469] [client 10.99.15.51:42412] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 14 16:31:24.501886 2022] [authz_core:error] [pid 1962413] [client 10.99.15.51:42742] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 07:18:57.212447 2022] [authz_core:error] [pid 1980483] [client 10.99.15.51:44618] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 08:32:18.905066 2022] [authz_core:error] [pid 1972360] [client 10.99.15.51:44792] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 09:02:14.133289 2022] [authz_core:error] [pid 1980601] [client 10.99.15.51:44868] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 10:34:29.805088 2022] [authz_core:error] [pid 1982880] [client 10.99.15.51:45480] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 10:50:30.173318 2022] [authz_core:error] [pid 1980483] [client 10.99.15.51:45658] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 11:15:38.551254 2022] [authz_core:error] [pid 1984857] [client 10.99.15.51:45990] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 11:40:34.048091 2022] [authz_core:error] [pid 1984857] [client 10.99.15.51:46372] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 14:11:33.015663 2022] [authz_core:error] [pid 1988627] [client 10.99.15.51:47700] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 15:32:54.257248 2022] [authz_core:error] [pid 1991081] [client 10.99.15.51:48142] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 16:00:52.762241 2022] [authz_core:error] [pid 1990288] [client 10.99.15.51:48832] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 17:45:35.454439 2022] [authz_core:error] [pid 1993547] [client 10.99.15.51:49950] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 15 18:02:04.076401 2022] [authz_core:error] [pid 1993666] [client 10.99.15.51:50376] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 12:02:21.483881 2022] [php:error] [pid 2026902] [client 10.99.15.51:55676] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:37.790858 2022] [php:error] [pid 2026905] [client 10.99.15.51:55686] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:37.998050 2022] [php:error] [pid 2026904] [client 10.99.15.51:55692] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:49.503114 2022] [php:error] [pid 2026902] [client 10.99.15.51:55704] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:53.517177 2022] [php:error] [pid 2026642] [client 10.99.15.51:55712] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/CacheManager.php(68): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/Config.php(118): Magento\\Framework\\Interception\\Config\\CacheManager->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Interception\\Config\\Config->__construct()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(113): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#25 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#26 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:53.674822 2022] [php:error] [pid 2026901] [client 10.99.15.51:55716] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/CacheManager.php(68): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/Config.php(118): Magento\\Framework\\Interception\\Config\\CacheManager->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Interception\\Config\\Config->__construct()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(113): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#25 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#26 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:02:54.551756 2022] [php:error] [pid 2026904] [client 10.99.15.51:55724] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/CacheManager.php(68): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Interception/Config/Config.php(118): Magento\\Framework\\Interception\\Config\\CacheManager->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Interception\\Config\\Config->__construct()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(113): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#25 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#26 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:03:04.274908 2022] [php:error] [pid 2026900] [client 10.99.15.51:55756] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:03:04.384494 2022] [php:error] [pid 2026314] [client 10.99.15.51:55760] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:03:04.614087 2022] [php:error] [pid 2026906] [client 10.99.15.51:55768] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:03:09.368661 2022] [php:error] [pid 2026857] [client 10.99.15.51:55776] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:03:35.562494 2022] [php:error] [pid 2026906] [client 87.5.109.20:52222] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/alimentari/vino/bollicine.html
[Fri Sep 16 12:03:37.723411 2022] [php:error] [pid 2026901] [client 87.5.109.20:52223] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/alimentari/vino/bollicine.html
[Fri Sep 16 12:04:16.929869 2022] [php:error] [pid 2026231] [client 3.124.2.39:38296] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 16 12:14:34.463125 2022] [authz_core:error] [pid 2026906] [client 10.99.15.51:55820] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 12:29:57.806724 2022] [authz_core:error] [pid 2026904] [client 10.99.15.51:56010] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 12:49:55.922566 2022] [authz_core:error] [pid 2027667] [client 10.99.15.51:56052] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 13:01:12.042583 2022] [authz_core:error] [pid 2027359] [client 10.99.15.51:56136] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 14:32:51.023014 2022] [authz_core:error] [pid 2028532] [client 10.99.15.51:56508] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 15:58:21.183849 2022] [authz_core:error] [pid 2033071] [client 10.99.15.51:58060] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Fri Sep 16 16:48:55.401568 2022] [authz_core:error] [pid 2033440] [client 10.99.15.51:58540] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 11:06:50.912070 2022] [authz_core:error] [pid 2109942] [client 10.99.15.51:38838] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 11:53:29.129665 2022] [authz_core:error] [pid 2111594] [client 10.99.15.51:39972] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 12:24:43.835069 2022] [authz_core:error] [pid 2110924] [client 10.99.15.51:40268] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 12:40:55.465760 2022] [authz_core:error] [pid 2111593] [client 10.99.15.51:40534] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 14:15:17.734651 2022] [authz_core:error] [pid 2115179] [client 10.99.15.51:41078] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 14:34:24.241413 2022] [authz_core:error] [pid 2114962] [client 10.99.15.51:41588] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 16:24:37.892455 2022] [authz_core:error] [pid 2118171] [client 10.99.15.51:44160] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 16:57:22.684387 2022] [authz_core:error] [pid 2118738] [client 10.99.15.51:44788] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Mon Sep 19 18:50:05.350257 2022] [authz_core:error] [pid 2119685] [client 10.99.15.51:45698] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 10:36:12.078515 2022] [authz_core:error] [pid 2140623] [client 10.99.15.51:47998] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 11:03:25.280273 2022] [authz_core:error] [pid 2141079] [client 10.99.15.51:48638] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 11:25:26.279631 2022] [authz_core:error] [pid 2142157] [client 10.99.15.51:49120] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 12:13:23.564555 2022] [authz_core:error] [pid 2145121] [client 10.99.15.51:49754] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 13:10:02.931568 2022] [authz_core:error] [pid 2145462] [client 10.99.15.51:49986] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 14:58:51.248083 2022] [authz_core:error] [pid 2146446] [client 10.99.15.51:50238] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 15:18:17.548265 2022] [authz_core:error] [pid 2148731] [client 10.99.15.51:50406] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 15:34:29.121074 2022] [authz_core:error] [pid 2149316] [client 10.99.15.51:50826] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 15:57:34.045701 2022] [php:error] [pid 2150241] [client 18.157.184.4:55150] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Tue Sep 20 16:04:06.961515 2022] [authz_core:error] [pid 2153941] [client 10.99.15.51:50974] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Tue Sep 20 16:40:31.408062 2022] [authz_core:error] [pid 2154034] [client 10.99.15.51:51136] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 09:38:20.795354 2022] [authz_core:error] [pid 2186367] [client 10.99.15.51:53592] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 10:57:55.151186 2022] [authz_core:error] [pid 2188501] [client 10.99.15.51:57022] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 11:13:11.861112 2022] [authz_core:error] [pid 2188876] [client 10.99.15.51:57238] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 11:43:26.576356 2022] [authz_core:error] [pid 2189222] [client 10.99.15.51:57520] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 12:05:27.261193 2022] [authz_core:error] [pid 2191138] [client 10.99.15.51:58004] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 12:07:30.092368 2022] [authz_core:error] [pid 2191155] [client 10.99.15.51:58054] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 12:33:33.945501 2022] [authz_core:error] [pid 2191915] [client 10.99.15.51:58352] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 16:32:44.408066 2022] [authz_core:error] [pid 2194730] [client 10.99.15.51:60576] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 21:30:21.429102 2022] [authz_core:error] [pid 2198519] [client 10.99.15.51:34016] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 21:35:38.696326 2022] [authz_core:error] [pid 2204527] [client 10.99.15.51:34048] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 21:44:16.163268 2022] [authz_core:error] [pid 2200544] [client 10.99.15.51:34104] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 21:45:41.456443 2022] [authz_core:error] [pid 2204988] [client 10.99.15.51:34120] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 22:02:05.246483 2022] [authz_core:error] [pid 2205010] [client 10.99.15.51:34168] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 22:28:42.686386 2022] [authz_core:error] [pid 2205090] [client 10.99.15.51:34292] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 22:50:06.500642 2022] [php:error] [pid 2205997] [client 5.179.183.13:3526] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/vino-test.html
[Wed Sep 21 22:54:06.955242 2022] [authz_core:error] [pid 2205921] [client 10.99.15.51:34438] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 22:56:39.867380 2022] [php:error] [pid 2207183] [client 5.179.183.13:3581] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: http://magento.test.indaco.store/admin_xd1yn7/admin/system_config/edit/key/481ec48364f0f32be3e582641121d4392f1faa6708eb08c46b67a7cf0b6a378f/section/carriers/
[Wed Sep 21 22:56:48.692037 2022] [php:error] [pid 2207208] [client 5.179.183.13:3388] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Wed Sep 21 22:57:07.827726 2022] [authz_core:error] [pid 2207186] [client 10.99.15.51:34470] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 23:05:32.334555 2022] [authz_core:error] [pid 2205922] [client 10.99.15.51:34590] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 23:06:33.781677 2022] [authz_core:error] [pid 2207365] [client 10.99.15.51:34618] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 23:21:39.113517 2022] [authz_core:error] [pid 2207905] [client 10.99.15.51:34718] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 23:37:12.333574 2022] [authz_core:error] [pid 2207518] [client 10.99.15.51:34778] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Wed Sep 21 23:53:36.295575 2022] [authz_core:error] [pid 2208442] [client 10.99.15.51:34924] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:00:48.018245 2022] [authz_core:error] [pid 2208798] [client 10.99.15.51:35058] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:00:48.042969 2022] [authz_core:error] [pid 2208800] [client 10.99.15.51:35060] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:00:50.355095 2022] [authz_core:error] [pid 2208773] [client 10.99.15.51:35066] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:00.668095 2022] [authz_core:error] [pid 2208775] [client 10.99.15.51:35072] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:03.405298 2022] [authz_core:error] [pid 2208788] [client 10.99.15.51:35080] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:36.175044 2022] [authz_core:error] [pid 2208805] [client 10.99.15.51:35088] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:38.370990 2022] [authz_core:error] [pid 2208798] [client 10.99.15.51:35094] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:52.771462 2022] [authz_core:error] [pid 2208771] [client 10.99.15.51:35104] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:57.079428 2022] [authz_core:error] [pid 2208772] [client 10.99.15.51:35110] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:01:59.431411 2022] [authz_core:error] [pid 2208771] [client 10.99.15.51:35116] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:02:09.393764 2022] [authz_core:error] [pid 2208866] [client 10.99.15.51:35136] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:02:36.303336 2022] [authz_core:error] [pid 2208773] [client 10.99.15.51:35148] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:02:41.930288 2022] [authz_core:error] [pid 2208805] [client 10.99.15.51:35154] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:02:46.411234 2022] [authz_core:error] [pid 2208800] [client 10.99.15.51:35160] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:02:53.802346 2022] [authz_core:error] [pid 2208895] [client 10.99.15.51:35176] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:03:23.062577 2022] [authz_core:error] [pid 2208775] [client 10.99.15.51:35200] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:11:28.555696 2022] [authz_core:error] [pid 2208794] [client 10.99.15.51:35344] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:11:35.410621 2022] [authz_core:error] [pid 2208943] [client 10.99.15.51:35350] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:12:24.626014 2022] [authz_core:error] [pid 2208794] [client 10.99.15.51:35360] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:12:53.985531 2022] [authz_core:error] [pid 2208943] [client 10.99.15.51:35394] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:13:04.280630 2022] [authz_core:error] [pid 2209372] [client 10.99.15.51:35412] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:13:06.744677 2022] [authz_core:error] [pid 2208943] [client 10.99.15.51:35420] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:13:40.188773 2022] [authz_core:error] [pid 2208775] [client 10.99.15.51:35520] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:13:42.406868 2022] [authz_core:error] [pid 2209372] [client 10.99.15.51:35532] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:13:50.398931 2022] [authz_core:error] [pid 2208775] [client 10.99.15.51:35556] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 00:14:19.997809 2022] [authz_core:error] [pid 2208798] [client 10.99.15.51:35574] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/app/etc/config.php
[Thu Sep 22 14:47:59.753539 2022] [authz_core:error] [pid 2227628] [client 152.89.196.211:49742] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Sep 22 14:59:40.260284 2022] [authz_core:error] [pid 2227678] [client 152.89.196.211:48956] AH01630: client denied by server configuration: /var/www/magento.test.indaco.store/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Sep 22 17:45:56.430315 2022] [core:error] [pid 2232400] [client 152.89.196.211:38522] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Thu Sep 22 22:14:01.525725 2022] [php:error] [pid 2238069] [client 93.70.89.166:46940] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: https://magento.test.indaco.store/admin_xd1yn7/cms/page/edit/page_id/8/key/53d2f3a94755ed50bf1e8e043c207d81342c90620ae9bd664b70feefd8c743a2/
[Thu Sep 22 22:18:31.725822 2022] [php:error] [pid 2239583] [client 93.70.89.166:45888] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: https://magento.test.indaco.store/admin_xd1yn7/cms/page/edit/page_id/8/key/53d2f3a94755ed50bf1e8e043c207d81342c90620ae9bd664b70feefd8c743a2/back/edit/
[Thu Sep 22 22:18:37.869359 2022] [php:error] [pid 2238312] [client 93.70.89.166:45889] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34, referer: https://magento.test.indaco.store/admin_xd1yn7/cms/page/edit/page_id/8/key/53d2f3a94755ed50bf1e8e043c207d81342c90620ae9bd664b70feefd8c743a2/back/edit/
[Thu Sep 22 22:18:49.408946 2022] [php:error] [pid 2239601] [client 93.70.89.166:45891] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: https://magento.test.indaco.store/ordini-e-resi
[Thu Sep 22 22:18:51.572512 2022] [php:error] [pid 2239507] [client 93.70.89.166:45892] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Sep 22 22:18:52.301336 2022] [php:error] [pid 2238588] [client 93.70.89.166:45913] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indaco.store/www/var/cache/" is not writable in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indaco.store/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indaco.store/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indaco.store/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indaco.store/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indaco.store/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indaco.store/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 08:53:22.439367 2022] [core:error] [pid 2253013] [client 128.14.209.162:54370] AH00126: Invalid URI in request HEAD /icons/.%2e/%2e%2e/apache2/icons/sphere1.png HTTP/1.1
[Fri Sep 23 09:47:53.107158 2022] [authz_core:error] [pid 2255067] [client 139.59.168.195:35384] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Sep 23 09:56:23.605399 2022] [php:error] [pid 2255248] [client 18.157.184.4:46376] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/cache/" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:02:27.377513 2022] [php:error] [pid 2261463] [client 37.186.153.120:21748] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:02:27.381292 2022] [php:error] [pid 2261504] [client 37.186.153.120:5826] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:02:42.504584 2022] [php:error] [pid 2261497] [client 18.157.184.4:48842] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:03:17.915023 2022] [php:error] [pid 2261527] [client 37.186.153.120:58099] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:03:17.948732 2022] [php:error] [pid 2261013] [client 37.186.153.120:23081] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:03:58.706507 2022] [php:error] [pid 2261463] [client 37.186.153.120:4425] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:03:58.706747 2022] [php:error] [pid 2261013] [client 37.186.153.120:40465] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:04:41.120946 2022] [php:error] [pid 2261463] [client 37.186.153.120:10082] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Sep 23 17:04:41.125687 2022] [php:error] [pid 2261527] [client 37.186.153.120:19533] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Mon Sep 26 03:28:29.230795 2022] [authz_core:error] [pid 2292728] [client 206.189.98.117:37390] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Sep 26 10:02:36.021005 2022] [php:warn] [pid 2299584] [client 93.70.89.166:46059] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Mon Sep 26 10:02:36.028361 2022] [php:warn] [pid 2299584] [client 93.70.89.166:46059] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Mon Sep 26 10:02:38.340483 2022] [php:warn] [pid 2299675] [client 20.13.203.177:7184] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Mon Sep 26 10:02:38.340513 2022] [php:warn] [pid 2299675] [client 20.13.203.177:7184] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Mon Sep 26 10:02:39.070835 2022] [php:warn] [pid 2299310] [client 20.13.203.177:7183] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Mon Sep 26 10:02:39.070870 2022] [php:warn] [pid 2299310] [client 20.13.203.177:7183] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691, referer: https://magento.test.indacotrentino.com/
[Tue Sep 27 11:07:04.997971 2022] [php:error] [pid 2318566] [client 217.71.68.23:27511] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\RemoteStorage\\Driver\\Adapter\\MetadataProviderInterfaceFactory" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(42): Magento\\Framework\\Code\\Reader\\ClassReader->getParameterClass()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(206): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(182): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->parseArray()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#38 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#39 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#40 /var/www
[Tue Sep 27 11:07:05.226026 2022] [php:error] [pid 2318162] [client 217.71.68.23:61781] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\RemoteStorage\\Driver\\Adapter\\MetadataProviderInterfaceFactory" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(42): Magento\\Framework\\Code\\Reader\\ClassReader->getParameterClass()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(206): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(182): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->parseArray()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#38 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#39 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#40 /var/www
[Tue Sep 27 11:07:06.730892 2022] [php:error] [pid 2318373] [client 217.71.68.23:63293] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\RemoteStorage\\Driver\\Adapter\\MetadataProviderInterfaceFactory" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/GetParameterClassTrait.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(42): Magento\\Framework\\Code\\Reader\\ClassReader->getParameterClass()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(206): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(182): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->parseArray()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#38 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#39 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#40 /var/www
[Tue Sep 27 14:57:00.766928 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 14:57:00.769961 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 14:57:00.782927 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 14:57:00.782949 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 14:57:04.366266 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_CONFIG): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 14:57:04.366300 2022] [php:warn] [pid 2323765] [client 213.21.147.71:61340] PHP Warning: file_put_contents(/var/www/magento.test.indacotrentino.com/www/var/cache//mage-tags/mage---20a_MAGE): Failed to open stream: Permission denied in /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php on line 691
[Tue Sep 27 15:18:15.828515 2022] [php:error] [pid 2324668] [client 151.36.239.102:12103] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Tue Sep 27 15:18:22.696070 2022] [php:error] [pid 2326102] [client 151.36.239.102:12104] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Tue Sep 27 15:21:27.319535 2022] [php:error] [pid 2324496] [client 151.36.239.102:12120] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/cache/" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Wed Sep 28 22:28:51.739788 2022] [php:error] [pid 2351176] [client 3.124.2.39:57382] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/cache/" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Sep 29 16:03:35.941268 2022] [authz_core:error] [pid 2367645] [client 195.96.137.3:12970] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Sep 30 06:30:10.678920 2022] [authz_core:error] [pid 2372270] [client 152.89.196.211:36072] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Sep 30 06:37:01.938835 2022] [authz_core:error] [pid 2372684] [client 152.89.196.211:47630] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Sep 30 08:40:17.828830 2022] [ssl:error] [pid 2372267] [client 54.91.33.214:50902] AH02042: rejecting client initiated renegotiation
[Fri Sep 30 09:10:17.300969 2022] [core:error] [pid 2372267] [client 152.89.196.211:45138] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Fri Sep 30 16:51:10.310697 2022] [authz_core:error] [pid 2381771] [client 159.223.99.32:33180] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Sep 30 17:26:45.523992 2022] [php:error] [pid 2382170] [client 3.124.2.39:55666] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Sun Oct 02 18:17:11.083467 2022] [authz_core:error] [pid 2406378] [client 35.216.225.215:38816] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Oct 05 12:48:27.873701 2022] [authz_core:error] [pid 2446653] [client 152.89.196.211:58240] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Wed Oct 05 12:54:21.060151 2022] [authz_core:error] [pid 2446613] [client 109.237.97.204:53590] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Thu Oct 06 04:48:50.330966 2022] [authz_core:error] [pid 2453648] [client 152.89.196.211:38646] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Oct 06 11:28:17.707515 2022] [core:error] [pid 2453633] [client 23.251.102.74:50776] AH00126: Invalid URI in request HEAD /icons/.%2e/%2e%2e/apache2/icons/sphere1.png HTTP/1.1
[Thu Oct 06 20:28:30.709033 2022] [core:error] [pid 2453633] [client 152.89.196.211:52512] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Fri Oct 07 17:54:52.221271 2022] [ssl:error] [pid 2466816] [client 107.20.30.116:34716] AH02042: rejecting client initiated renegotiation
[Sun Oct 09 02:18:48.810753 2022] [authz_core:error] [pid 2493000] [client 109.237.97.204:57296] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/app/.env
[Wed Oct 12 16:51:39.894783 2022] [authz_core:error] [pid 2548668] [client 157.245.32.118:57004] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Thu Oct 13 01:21:01.250701 2022] [authz_core:error] [pid 2557785] [client 152.89.196.211:56438] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Oct 14 16:16:57.622763 2022] [authz_core:error] [pid 2570831] [client 152.89.196.211:34560] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Oct 14 19:03:39.025807 2022] [authz_core:error] [pid 2570831] [client 152.89.196.211:43772] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Sun Oct 16 00:58:14.941986 2022] [authz_core:error] [pid 2598830] [client 185.70.186.188:49928] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Oct 16 12:28:25.650459 2022] [core:error] [pid 2599360] [client 152.89.196.211:58914] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Mon Oct 17 04:48:52.551537 2022] [authz_core:error] [pid 2612005] [client 35.216.244.6:56888] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Oct 21 17:14:10.257210 2022] [ssl:error] [pid 2682229] [client 54.198.174.79:45760] AH02042: rejecting client initiated renegotiation
[Fri Oct 21 18:59:19.945900 2022] [authz_core:error] [pid 2682229] [client 152.89.196.211:32946] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Oct 21 19:49:36.519236 2022] [authz_core:error] [pid 2679215] [client 152.89.196.211:58964] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Sat Oct 22 02:58:52.830724 2022] [authz_core:error] [pid 2693889] [client 194.233.160.112:60616] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Mon Oct 24 04:53:27.767290 2022] [core:error] [pid 2718637] [client 152.89.196.211:60880] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Thu Oct 27 13:19:32.543688 2022] [php:error] [pid 2765587] [client 18.157.184.4:55260] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Thu Oct 27 15:00:32.445122 2022] [php:error] [pid 2770143] [client 3.124.2.39:49840] PHP Fatal error: Uncaught ReflectionException: Class "Magento\\Framework\\App\\ResourceConnection\\Proxy" does not exist in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php:34\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php(34): ReflectionClass->__construct()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Definition/Runtime.php(54): Magento\\Framework\\Code\\Reader\\ClassReader->getConstructor()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(48): Magento\\Framework\\ObjectManager\\Definition\\Runtime->getParameters()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#22 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#23 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#24 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#25 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#26 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#27 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#28 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(170): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#29 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(276): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgument()\n#30 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(239): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->getResolvedArgument()\n#31 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(34): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->resolveArgumentsInRuntime()\n#32 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(59): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->_resolveArguments()\n#33 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#34 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(70): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#35 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#36 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#37 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#38 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#39 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Code/Reader/ClassReader.php on line 34
[Thu Oct 27 16:21:32.478234 2022] [php:error] [pid 2771375] [client 18.157.184.4:33252] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Sat Oct 29 04:17:04.883617 2022] [authz_core:error] [pid 2790110] [client 152.89.196.211:57962] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Sat Oct 29 10:22:28.798163 2022] [ssl:error] [pid 2790110] [client 54.147.7.110:55850] AH02042: rejecting client initiated renegotiation
[Sun Oct 30 16:25:15.642099 2022] [authz_core:error] [pid 2803849] [client 152.89.196.211:34180] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Mon Oct 31 07:13:08.524975 2022] [authz_core:error] [pid 2817385] [client 152.89.196.211:33682] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Mon Oct 31 08:26:35.419576 2022] [php:error] [pid 2821471] [client 151.62.205.174:53505] PHP Fatal error: Uncaught Laminas\\Mail\\Protocol\\Exception\\RuntimeException: Could not read from smtps.aruba.it in /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php:314\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php(342): Laminas\\Mail\\Protocol\\AbstractProtocol->_receive()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/Smtp.php(466): Laminas\\Mail\\Protocol\\AbstractProtocol->_expect()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/Smtp.php(502): Laminas\\Mail\\Protocol\\Smtp->quit()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php(116): Laminas\\Mail\\Protocol\\Smtp->_disconnect()\n#4 [internal function]: Laminas\\Mail\\Protocol\\AbstractProtocol->__destruct()\n#5 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php on line 314, referer: https://magento.test.indacotrentino.com/contact
[Mon Oct 31 09:04:37.796362 2022] [php:error] [pid 2817382] [client 151.62.205.174:54831] PHP Fatal error: Uncaught Laminas\\Mail\\Protocol\\Exception\\RuntimeException: Could not read from smtps.aruba.it in /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php:314\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php(342): Laminas\\Mail\\Protocol\\AbstractProtocol->_receive()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/Smtp.php(466): Laminas\\Mail\\Protocol\\AbstractProtocol->_expect()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/Smtp.php(502): Laminas\\Mail\\Protocol\\Smtp->quit()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/Smtp.php(492): Laminas\\Mail\\Protocol\\Smtp->_disconnect()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Transport/Smtp.php(171): Laminas\\Mail\\Protocol\\Smtp->disconnect()\n#5 [internal function]: Laminas\\Mail\\Transport\\Smtp->__destruct()\n#6 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/laminas/laminas-mail/src/Protocol/AbstractProtocol.php on line 314, referer: https://magento.test.indacotrentino.com/contact
[Mon Oct 31 09:54:41.959410 2022] [php:error] [pid 2822969] [client 3.124.2.39:37978] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Mon Oct 31 10:05:28.952960 2022] [php:error] [pid 2823008] [client 3.124.2.39:43322] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Mon Oct 31 20:58:40.465668 2022] [authz_core:error] [pid 2823460] [client 152.89.196.211:48350] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Tue Nov 01 02:08:12.752538 2022] [core:error] [pid 2837207] [client 152.89.196.211:32836] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Wed Nov 02 14:26:14.316896 2022] [php:error] [pid 2851489] [client 5.77.79.179:46537] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Dynamic/Developer.php(66): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Dynamic\\Developer->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/Config.php(52): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Decorator/Bare.php(65): Magento\\Framework\\App\\Cache\\Type\\Config->_getFrontend()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/ConfigLoader.php(73): Magento\\Framework\\Cache\\Frontend\\Decorator\\Bare->load()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Developer.php(79): Magento\\Framework\\App\\ObjectManager\\ConfigLoader->load()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Developer->configureObjectManager()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#21 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#22 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209, referer: https://magento.test.indacotrentino.com/
[Fri Nov 04 14:33:44.240812 2022] [authz_core:error] [pid 2890451] [client 151.236.216.243:63537] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Fri Nov 04 15:05:42.932424 2022] [php:error] [pid 2890449] [client 18.157.184.4:32786] PHP Fatal error: Uncaught Zend_Cache_Exception: cache_dir "/var/www/magento.test.indacotrentino.com/www/var/page_cache" is not writable in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php:209\nStack trace:\n#0 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache/Backend/File.php(180): Zend_Cache::throwException()\n#1 /var/www/magento.test.indacotrentino.com/www/vendor/colinmollenhour/cache-backend-file/File.php(87): Zend_Cache_Backend_File->setCacheDir()\n#2 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(153): Cm_Cache_Backend_File->__construct()\n#3 /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php(94): Zend_Cache::_makeBackend()\n#4 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(442): Zend_Cache::factory()\n#5 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/Cache/Frontend/Adapter/Zend.php(38): Magento\\Framework\\App\\Cache\\Frontend\\Factory->Magento\\Framework\\App\\Cache\\Frontend\\{closure}()\n#6 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\Cache\\Frontend\\Adapter\\Zend->__construct()\n#7 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#8 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(56): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#9 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(444): Magento\\Framework\\ObjectManager\\ObjectManager->create()\n#10 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Factory.php(178): Magento\\Framework\\App\\Cache\\Frontend\\Factory->createCacheWithDefaultOptions()\n#11 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(69): Magento\\Framework\\App\\Cache\\Frontend\\Factory->create()\n#12 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Frontend/Pool.php(156): Magento\\Framework\\App\\Cache\\Frontend\\Pool->_initialize()\n#13 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Cache/Type/FrontendPool.php(87): Magento\\Framework\\App\\Cache\\Frontend\\Pool->get()\n#14 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Interception/Cache/CompiledConfig.php(29): Magento\\Framework\\App\\Cache\\Type\\FrontendPool->get()\n#15 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/AbstractFactory.php(121): Magento\\Framework\\App\\Interception\\Cache\\CompiledConfig->__construct()\n#16 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/Factory/Compiled.php(108): Magento\\Framework\\ObjectManager\\Factory\\AbstractFactory->createObject()\n#17 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/ObjectManager/ObjectManager.php(70): Magento\\Framework\\ObjectManager\\Factory\\Compiled->create()\n#18 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManager/Environment/Compiled.php(117): Magento\\Framework\\ObjectManager\\ObjectManager->get()\n#19 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/ObjectManagerFactory.php(191): Magento\\Framework\\App\\ObjectManager\\Environment\\Compiled->configureObjectManager()\n#20 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(212): Magento\\Framework\\App\\ObjectManagerFactory->create()\n#21 /var/www/magento.test.indacotrentino.com/www/vendor/magento/framework/App/Bootstrap.php(127): Magento\\Framework\\App\\Bootstrap->__construct()\n#22 /var/www/magento.test.indacotrentino.com/www/pub/index.php(27): Magento\\Framework\\App\\Bootstrap::create()\n#23 {main}\n thrown in /var/www/magento.test.indacotrentino.com/www/vendor/magento/zendframework1/library/Zend/Cache.php on line 209
[Fri Nov 04 17:47:47.237672 2022] [authz_core:error] [pid 2901703] [client 165.227.232.121:52206] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 09 13:38:06.440086 2022] [authz_core:error] [pid 2960716] [client 152.89.196.211:44412] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Wed Nov 09 14:24:06.479462 2022] [authz_core:error] [pid 2960714] [client 152.89.196.211:48630] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Nov 10 15:04:26.828653 2022] [:error] [pid 2984920] [client 79.50.106.79:55111] [client 79.50.106.79] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument [hostname "magento.test.indacotrentino.com"] [uri "/pub/index.php"] [unique_id "Y20E6Nia1S@knk7oSjIPAwAAAAA"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7
[Thu Nov 10 15:04:26.828822 2022] [:error] [pid 2984920] [client 79.50.106.79:55111] [client 79.50.106.79] ModSecurity: Audit log: Failed to unlock global mutex: Invalid argument [hostname "magento.test.indacotrentino.com"] [uri "/pub/index.php"] [unique_id "Y20E6Nia1S@knk7oSjIPAwAAAAA"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7
[Thu Nov 10 15:08:38.297871 2022] [:error] [pid 2984987] [client 198.199.92.241:60250] [client 198.199.92.241] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y20F5tiQ2f88viEjsfqK1QAAAAc"]
[Thu Nov 10 15:08:38.297984 2022] [:error] [pid 2984987] [client 198.199.92.241:60250] [client 198.199.92.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y20F5tiQ2f88viEjsfqK1QAAAAc"]
[Thu Nov 10 15:08:38.298303 2022] [:error] [pid 2984987] [client 198.199.92.241:60250] [client 198.199.92.241] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y20F5tiQ2f88viEjsfqK1QAAAAc"]
[Thu Nov 10 15:08:38.298470 2022] [:error] [pid 2984987] [client 198.199.92.241:60250] [client 198.199.92.241] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y20F5tiQ2f88viEjsfqK1QAAAAc"]
[Thu Nov 10 15:35:07.759899 2022] [:error] [pid 2984987] [client 154.209.125.119:58944] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y20MG9iQ2f88viEjsfqK2AAAAAc"]
[Thu Nov 10 15:57:29.648894 2022] [:error] [pid 2985961] [client 5.77.90.234:31948] [client 5.77.90.234] ModSecurity: Rule 7efe3f4c6030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/mui/bookmark/save/key/b660784621bc3c20aba9df60a575db476c667fc97d33580f1f2e25642db0c93b/"] [unique_id "Y20RWaft7Fjyld3XJp63cgAAAAQ"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product/index/key/6626ae43a9802eb4cdc95bf4b83c359e7b4d35f685cdfb24f1e45e2a532a956b/
[Thu Nov 10 16:10:31.757902 2022] [:error] [pid 2985972] [client 181.214.206.161:54550] [client 181.214.206.161] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y20UZ0wkqlMi3W3XI13-tAAAAAc"]
[Thu Nov 10 16:44:11.993243 2022] [:error] [pid 2986787] [client 109.206.243.220:56874] [client 109.206.243.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y20cS3yh1azHsI5jchOlmwAAAAw"]
[Thu Nov 10 17:08:32.338837 2022] [:error] [pid 2984988] [client 106.75.157.75:56144] [client 106.75.157.75] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/dqgqoeCXckuwPtxov"] [unique_id "Y20iAMG8RTb1VGKz7FY1owAAAAg"]
[Thu Nov 10 17:08:35.021773 2022] [:error] [pid 2986786] [client 106.75.157.75:58110] [client 106.75.157.75] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/dqgqoeCXckuwPtxov"] [unique_id "Y20iA36cpifgspn77NJN9QAAAAs"]
[Thu Nov 10 18:12:04.452619 2022] [core:error] [pid 2984978] [client 152.89.196.211:55930] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Thu Nov 10 19:52:26.242871 2022] [:error] [pid 2984978] [client 130.211.54.158:53376] [client 130.211.54.158] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y21IaqDt-yBj2ZBVl--vKwAAAAI"]
[Thu Nov 10 21:34:31.471469 2022] [:error] [pid 2986784] [client 162.221.192.90:52140] [client 162.221.192.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y21gV-ySEcRc-hbQRrKeJAAAAAA"]
[Thu Nov 10 21:47:04.048236 2022] [:error] [pid 2986786] [client 152.89.196.211:59564] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y21jSH6cpifgspn77NJN@wAAAAs"]
[Fri Nov 11 03:32:48.782970 2022] [:error] [pid 2990674] [client 174.138.57.117:60540] [client 174.138.57.117] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y220UMkrMLTdab@F8L4suQAAAAY"]
[Fri Nov 11 03:32:48.783136 2022] [:error] [pid 2990674] [client 174.138.57.117:60540] [client 174.138.57.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y220UMkrMLTdab@F8L4suQAAAAY"]
[Fri Nov 11 03:32:48.783467 2022] [:error] [pid 2990674] [client 174.138.57.117:60540] [client 174.138.57.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y220UMkrMLTdab@F8L4suQAAAAY"]
[Fri Nov 11 03:32:48.783657 2022] [:error] [pid 2990674] [client 174.138.57.117:60540] [client 174.138.57.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y220UMkrMLTdab@F8L4suQAAAAY"]
[Fri Nov 11 03:32:49.658724 2022] [:error] [pid 2990673] [client 174.138.57.117:60550] [client 174.138.57.117] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y220UZMRL9ijTwEzX1MCUwAAAAk"]
[Fri Nov 11 03:32:49.658825 2022] [:error] [pid 2990673] [client 174.138.57.117:60550] [client 174.138.57.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y220UZMRL9ijTwEzX1MCUwAAAAk"]
[Fri Nov 11 03:32:49.659125 2022] [:error] [pid 2990673] [client 174.138.57.117:60550] [client 174.138.57.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y220UZMRL9ijTwEzX1MCUwAAAAk"]
[Fri Nov 11 03:32:49.659310 2022] [:error] [pid 2990673] [client 174.138.57.117:60550] [client 174.138.57.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y220UZMRL9ijTwEzX1MCUwAAAAk"]
[Fri Nov 11 03:32:52.600657 2022] [:error] [pid 2990673] [client 174.138.57.117:60644] [client 174.138.57.117] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y220VJMRL9ijTwEzX1MCVAAAAAk"]
[Fri Nov 11 03:32:52.600754 2022] [:error] [pid 2990673] [client 174.138.57.117:60644] [client 174.138.57.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y220VJMRL9ijTwEzX1MCVAAAAAk"]
[Fri Nov 11 03:32:52.601046 2022] [:error] [pid 2990673] [client 174.138.57.117:60644] [client 174.138.57.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y220VJMRL9ijTwEzX1MCVAAAAAk"]
[Fri Nov 11 03:32:52.601204 2022] [:error] [pid 2990673] [client 174.138.57.117:60644] [client 174.138.57.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y220VJMRL9ijTwEzX1MCVAAAAAk"]
[Fri Nov 11 03:48:40.874059 2022] [:error] [pid 2990673] [client 192.241.197.157:60218] [client 192.241.197.157] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y224CJMRL9ijTwEzX1MCVQAAAAk"]
[Fri Nov 11 03:48:40.874173 2022] [:error] [pid 2990673] [client 192.241.197.157:60218] [client 192.241.197.157] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y224CJMRL9ijTwEzX1MCVQAAAAk"]
[Fri Nov 11 03:48:40.874482 2022] [:error] [pid 2990673] [client 192.241.197.157:60218] [client 192.241.197.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y224CJMRL9ijTwEzX1MCVQAAAAk"]
[Fri Nov 11 03:48:40.874637 2022] [:error] [pid 2990673] [client 192.241.197.157:60218] [client 192.241.197.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y224CJMRL9ijTwEzX1MCVQAAAAk"]
[Fri Nov 11 04:07:38.453855 2022] [:error] [pid 2990702] [client 192.241.196.142:36022] [client 192.241.196.142] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y228et6idlBSkXh@9EDC8AAAAAA"]
[Fri Nov 11 04:07:38.453984 2022] [:error] [pid 2990702] [client 192.241.196.142:36022] [client 192.241.196.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y228et6idlBSkXh@9EDC8AAAAAA"]
[Fri Nov 11 04:07:38.454613 2022] [:error] [pid 2990702] [client 192.241.196.142:36022] [client 192.241.196.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y228et6idlBSkXh@9EDC8AAAAAA"]
[Fri Nov 11 04:07:38.454804 2022] [:error] [pid 2990702] [client 192.241.196.142:36022] [client 192.241.196.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y228et6idlBSkXh@9EDC8AAAAAA"]
[Fri Nov 11 04:07:48.032619 2022] [:error] [pid 2990671] [client 4.234.85.191:55154] [client 4.234.85.191] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y228hGGDgxZXzyURP9AVEwAAAAg"]
[Fri Nov 11 04:07:48.032810 2022] [:error] [pid 2990671] [client 4.234.85.191:55154] [client 4.234.85.191] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y228hGGDgxZXzyURP9AVEwAAAAg"]
[Fri Nov 11 04:07:48.033019 2022] [:error] [pid 2990671] [client 4.234.85.191:55154] [client 4.234.85.191] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y228hGGDgxZXzyURP9AVEwAAAAg"]
[Fri Nov 11 04:07:48.033184 2022] [:error] [pid 2990671] [client 4.234.85.191:55154] [client 4.234.85.191] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y228hGGDgxZXzyURP9AVEwAAAAg"]
[Fri Nov 11 04:07:48.144119 2022] [:error] [pid 2990672] [client 4.234.85.191:55166] [client 4.234.85.191] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y228hHuQrZnjn7nWTk8rRQAAAAE"]
[Fri Nov 11 04:25:17.558698 2022] [:error] [pid 2990671] [client 192.241.210.170:34198] [client 192.241.210.170] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23AnWGDgxZXzyURP9AVFAAAAAg"]
[Fri Nov 11 04:25:17.558816 2022] [:error] [pid 2990671] [client 192.241.210.170:34198] [client 192.241.210.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23AnWGDgxZXzyURP9AVFAAAAAg"]
[Fri Nov 11 04:25:17.559148 2022] [:error] [pid 2990671] [client 192.241.210.170:34198] [client 192.241.210.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23AnWGDgxZXzyURP9AVFAAAAAg"]
[Fri Nov 11 04:25:17.559305 2022] [:error] [pid 2990671] [client 192.241.210.170:34198] [client 192.241.210.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23AnWGDgxZXzyURP9AVFAAAAAg"]
[Fri Nov 11 04:42:41.164623 2022] [:error] [pid 2990674] [client 64.62.197.163:15905] [client 64.62.197.163] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23EsckrMLTdab@F8L4svQAAAAY"]
[Fri Nov 11 04:51:15.011414 2022] [:error] [pid 2990702] [client 64.62.197.164:14837] [client 64.62.197.164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y23Gs96idlBSkXh@9EDC8wAAAAA"]
[Fri Nov 11 04:55:10.295889 2022] [:error] [pid 2990672] [client 64.62.197.166:21473] [client 64.62.197.166] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y23HnnuQrZnjn7nWTk8rRwAAAAE"]
[Fri Nov 11 04:56:01.036331 2022] [:error] [pid 2990673] [client 64.62.197.154:41135] [client 64.62.197.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y23H0ZMRL9ijTwEzX1MCWAAAAAk"]
[Fri Nov 11 04:56:01.038242 2022] [:error] [pid 2990673] [client 64.62.197.154:41135] [client 64.62.197.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y23H0ZMRL9ijTwEzX1MCWAAAAAk"]
[Fri Nov 11 04:56:01.038476 2022] [:error] [pid 2990673] [client 64.62.197.154:41135] [client 64.62.197.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y23H0ZMRL9ijTwEzX1MCWAAAAAk"]
[Fri Nov 11 04:56:01.038647 2022] [:error] [pid 2990673] [client 64.62.197.154:41135] [client 64.62.197.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y23H0ZMRL9ijTwEzX1MCWAAAAAk"]
[Fri Nov 11 09:56:11.723474 2022] [:error] [pid 2990702] [client 128.1.248.34:49156] [client 128.1.248.34] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24OK96idlBSkXh@9EDC@gAAAAA"]
[Fri Nov 11 10:16:34.694607 2022] [:error] [pid 2990671] [client 152.89.196.211:46794] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24S8mGDgxZXzyURP9AVGwAAAAg"]
[Fri Nov 11 10:26:33.851920 2022] [:error] [pid 2990673] [client 118.26.104.39:10438] [client 118.26.104.39] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24VSZMRL9ijTwEzX1MCYAAAAAk"]
[Fri Nov 11 10:43:45.876112 2022] [:error] [pid 2996647] [client 192.241.210.40:33438] [client 192.241.210.40] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y24ZUZNHzYsIs7sj6@AyVgAAAAQ"]
[Fri Nov 11 10:43:45.876314 2022] [:error] [pid 2996647] [client 192.241.210.40:33438] [client 192.241.210.40] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y24ZUZNHzYsIs7sj6@AyVgAAAAQ"]
[Fri Nov 11 10:43:45.877261 2022] [:error] [pid 2996647] [client 192.241.210.40:33438] [client 192.241.210.40] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y24ZUZNHzYsIs7sj6@AyVgAAAAQ"]
[Fri Nov 11 10:43:45.877475 2022] [:error] [pid 2996647] [client 192.241.210.40:33438] [client 192.241.210.40] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y24ZUZNHzYsIs7sj6@AyVgAAAAQ"]
[Fri Nov 11 11:25:44.867551 2022] [:error] [pid 2990702] [client 152.89.196.211:41610] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/console/"] [unique_id "Y24jKN6idlBSkXh@9EDC-QAAAAA"]
[Fri Nov 11 11:26:52.732533 2022] [:error] [pid 2996647] [client 134.122.84.173:53358] [client 134.122.84.173] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24jbJNHzYsIs7sj6@AyVwAAAAQ"]
[Fri Nov 11 11:39:39.485909 2022] [:error] [pid 2990671] [client 106.75.37.234:33088] [client 106.75.37.234] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24ma2GDgxZXzyURP9AVHQAAAAg"]
[Fri Nov 11 11:42:17.655330 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 11:42:17.655504 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 11:42:17.655554 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 11:42:17.655586 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 11:42:17.656088 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 11:42:17.656295 2022] [:error] [pid 2996647] [client 45.134.144.48:52216] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y24nCZNHzYsIs7sj6@AyWgAAAAQ"]
[Fri Nov 11 12:00:14.430791 2022] [:error] [pid 2990702] [client 152.89.196.211:57430] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "Y24rPt6idlBSkXh@9EDDAQAAAAA"]
[Fri Nov 11 12:10:39.354065 2022] [:error] [pid 2990673] [client 103.153.254.110:56456] [client 103.153.254.110] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24tr5MRL9ijTwEzX1MCZAAAAAk"]
[Fri Nov 11 12:18:02.425770 2022] [:error] [pid 2990674] [client 183.136.225.32:6666] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24vaskrMLTdab@F8L4sywAAAAY"]
[Fri Nov 11 12:21:17.458122 2022] [:error] [pid 2990672] [client 183.136.225.32:36298] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y24wLXuQrZnjn7nWTk8rVQAAAAE"]
[Fri Nov 11 13:02:44.850085 2022] [:error] [pid 2990671] [client 154.209.125.119:52668] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2455GGDgxZXzyURP9AVIgAAAAg"]
[Fri Nov 11 13:20:54.203458 2022] [:error] [pid 2992501] [client 167.94.146.58:46554] [client 167.94.146.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24@JkU9uZ0AzUwP93loOwAAAAM"]
[Fri Nov 11 13:20:54.314803 2022] [:error] [pid 2990673] [client 167.94.146.58:57560] [client 167.94.146.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y24@JpMRL9ijTwEzX1MCZgAAAAk"]
[Fri Nov 11 13:31:07.244889 2022] [:error] [pid 2990670] [client 152.89.196.211:45828] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y25Ai1O2jU2gpk0u0E8UYgAAAAI"]
[Fri Nov 11 13:49:51.497037 2022] [:error] [pid 2990672] [client 176.58.105.58:49342] [client 176.58.105.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y25E73uQrZnjn7nWTk8rWAAAAAE"]
[Fri Nov 11 14:38:29.593898 2022] [core:error] [pid 2992501] [client 152.89.196.211:43644] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Fri Nov 11 15:07:52.169171 2022] [:error] [pid 2992501] [client 152.89.196.211:46930] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y25XOEU9uZ0AzUwP93loPgAAAAM"]
[Fri Nov 11 15:54:22.306517 2022] [:error] [pid 2990672] [client 106.75.176.113:39894] [client 106.75.176.113] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y25iHnuQrZnjn7nWTk8rWgAAAAE"]
[Fri Nov 11 16:10:20.701768 2022] [:error] [pid 2990702] [client 152.89.196.211:45016] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y25l3N6idlBSkXh@9EDDDgAAAAA"]
[Fri Nov 11 16:17:27.778351 2022] [:error] [pid 2992501] [client 51.77.247.119:52844] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/phpinfo"] [unique_id "Y25nh0U9uZ0AzUwP93loPwAAAAM"]
[Fri Nov 11 16:23:04.885185 2022] [:error] [pid 2996647] [client 192.241.208.77:42060] [client 192.241.208.77] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y25o2JNHzYsIs7sj6@AyYwAAAAQ"]
[Fri Nov 11 16:23:04.885315 2022] [:error] [pid 2996647] [client 192.241.208.77:42060] [client 192.241.208.77] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y25o2JNHzYsIs7sj6@AyYwAAAAQ"]
[Fri Nov 11 16:23:04.885706 2022] [:error] [pid 2996647] [client 192.241.208.77:42060] [client 192.241.208.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y25o2JNHzYsIs7sj6@AyYwAAAAQ"]
[Fri Nov 11 16:23:04.885915 2022] [:error] [pid 2996647] [client 192.241.208.77:42060] [client 192.241.208.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y25o2JNHzYsIs7sj6@AyYwAAAAQ"]
[Fri Nov 11 16:55:51.034241 2022] [:error] [pid 2992501] [client 51.77.247.119:34340] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/phpinfo"] [unique_id "Y25wh0U9uZ0AzUwP93loQQAAAAM"]
[Fri Nov 11 18:07:03.592900 2022] [:error] [pid 2990673] [client 35.216.188.92:48894] [client 35.216.188.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26BN5MRL9ijTwEzX1MCbgAAAAk"]
[Fri Nov 11 19:42:05.498779 2022] [:error] [pid 2990672] [client 157.230.223.10:42336] [client 157.230.223.10] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y26XfXuQrZnjn7nWTk8rYAAAAAE"]
[Fri Nov 11 19:42:05.498903 2022] [:error] [pid 2990672] [client 157.230.223.10:42336] [client 157.230.223.10] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y26XfXuQrZnjn7nWTk8rYAAAAAE"]
[Fri Nov 11 19:42:05.499326 2022] [:error] [pid 2990672] [client 157.230.223.10:42336] [client 157.230.223.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y26XfXuQrZnjn7nWTk8rYAAAAAE"]
[Fri Nov 11 19:42:05.499513 2022] [:error] [pid 2990672] [client 157.230.223.10:42336] [client 157.230.223.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y26XfXuQrZnjn7nWTk8rYAAAAAE"]
[Fri Nov 11 19:42:05.932349 2022] [:error] [pid 2990673] [client 157.230.223.10:42350] [client 157.230.223.10] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y26XfZMRL9ijTwEzX1MCcAAAAAk"]
[Fri Nov 11 19:42:05.932455 2022] [:error] [pid 2990673] [client 157.230.223.10:42350] [client 157.230.223.10] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y26XfZMRL9ijTwEzX1MCcAAAAAk"]
[Fri Nov 11 19:42:05.932768 2022] [:error] [pid 2990673] [client 157.230.223.10:42350] [client 157.230.223.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y26XfZMRL9ijTwEzX1MCcAAAAAk"]
[Fri Nov 11 19:42:05.932944 2022] [:error] [pid 2990673] [client 157.230.223.10:42350] [client 157.230.223.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y26XfZMRL9ijTwEzX1MCcAAAAAk"]
[Fri Nov 11 19:42:08.400803 2022] [:error] [pid 2990671] [client 157.230.223.10:42456] [client 157.230.223.10] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26XgGGDgxZXzyURP9AVKwAAAAg"]
[Fri Nov 11 19:42:08.400911 2022] [:error] [pid 2990671] [client 157.230.223.10:42456] [client 157.230.223.10] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26XgGGDgxZXzyURP9AVKwAAAAg"]
[Fri Nov 11 19:42:08.401292 2022] [:error] [pid 2990671] [client 157.230.223.10:42456] [client 157.230.223.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26XgGGDgxZXzyURP9AVKwAAAAg"]
[Fri Nov 11 19:42:08.401491 2022] [:error] [pid 2990671] [client 157.230.223.10:42456] [client 157.230.223.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26XgGGDgxZXzyURP9AVKwAAAAg"]
[Fri Nov 11 19:52:25.683356 2022] [:error] [pid 2990702] [client 35.195.93.98:52536] [client 35.195.93.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26Z6d6idlBSkXh@9EDDFQAAAAA"]
[Fri Nov 11 20:00:28.550050 2022] [:error] [pid 2990672] [client 162.142.125.8:45668] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26bzHuQrZnjn7nWTk8rYQAAAAE"]
[Fri Nov 11 20:00:28.939703 2022] [:error] [pid 2992501] [client 162.142.125.8:53228] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26bzEU9uZ0AzUwP93loRAAAAAM"]
[Fri Nov 11 20:07:32.683790 2022] [:error] [pid 2990672] [client 109.237.98.226:33944] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y26ddHuQrZnjn7nWTk8rYgAAAAE"]
[Fri Nov 11 20:07:32.683996 2022] [:error] [pid 2990672] [client 109.237.98.226:33944] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y26ddHuQrZnjn7nWTk8rYgAAAAE"]
[Fri Nov 11 20:07:32.684292 2022] [:error] [pid 2990672] [client 109.237.98.226:33944] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y26ddHuQrZnjn7nWTk8rYgAAAAE"]
[Fri Nov 11 20:07:32.684453 2022] [:error] [pid 2990672] [client 109.237.98.226:33944] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y26ddHuQrZnjn7nWTk8rYgAAAAE"]
[Fri Nov 11 20:19:15.245498 2022] [:error] [pid 2990702] [client 109.206.243.162:44504] [client 109.206.243.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y26gM96idlBSkXh@9EDDFwAAAAA"]
[Fri Nov 11 20:57:42.557923 2022] [:error] [pid 2990671] [client 128.14.141.34:42506] [client 128.14.141.34] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26pNmGDgxZXzyURP9AVLgAAAAg"]
[Fri Nov 11 22:06:39.917049 2022] [:error] [pid 2990671] [client 147.182.145.170:51286] [client 147.182.145.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y265X2GDgxZXzyURP9AVMAAAAAg"]
[Fri Nov 11 22:06:41.658771 2022] [:error] [pid 2990702] [client 147.182.145.170:38960] [client 147.182.145.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y265Yd6idlBSkXh@9EDDGgAAAAA"]
[Fri Nov 11 22:06:45.002541 2022] [:error] [pid 2990672] [client 147.182.145.170:39084] [client 147.182.145.170] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y265ZXuQrZnjn7nWTk8rZQAAAAE"]
[Fri Nov 11 22:06:45.002650 2022] [:error] [pid 2990672] [client 147.182.145.170:39084] [client 147.182.145.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y265ZXuQrZnjn7nWTk8rZQAAAAE"]
[Fri Nov 11 22:06:45.002988 2022] [:error] [pid 2990672] [client 147.182.145.170:39084] [client 147.182.145.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y265ZXuQrZnjn7nWTk8rZQAAAAE"]
[Fri Nov 11 22:06:45.003171 2022] [:error] [pid 2990672] [client 147.182.145.170:39084] [client 147.182.145.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y265ZXuQrZnjn7nWTk8rZQAAAAE"]
[Fri Nov 11 22:19:58.335022 2022] [:error] [pid 2990674] [client 52.140.116.120:62754] [client 52.140.116.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y268fskrMLTdab@F8L4s3wAAAAY"]
[Fri Nov 11 22:19:58.335266 2022] [:error] [pid 2990674] [client 52.140.116.120:62754] [client 52.140.116.120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y268fskrMLTdab@F8L4s3wAAAAY"]
[Fri Nov 11 22:19:58.335546 2022] [:error] [pid 2990674] [client 52.140.116.120:62754] [client 52.140.116.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y268fskrMLTdab@F8L4s3wAAAAY"]
[Fri Nov 11 22:19:58.335709 2022] [:error] [pid 2990674] [client 52.140.116.120:62754] [client 52.140.116.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y268fskrMLTdab@F8L4s3wAAAAY"]
[Fri Nov 11 22:19:58.797205 2022] [:error] [pid 2996647] [client 52.140.116.120:62935] [client 52.140.116.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y268fpNHzYsIs7sj6@AybAAAAAQ"]
[Fri Nov 11 22:27:41.087534 2022] [:error] [pid 2992501] [client 176.153.233.194:55902] [client 176.153.233.194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y26@TUU9uZ0AzUwP93loSQAAAAM"]
[Fri Nov 11 22:49:06.708002 2022] [:error] [pid 2990702] [client 167.114.77.1:56161] [client 167.114.77.1] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y27DUt6idlBSkXh@9EDDHAAAAAA"]
[Fri Nov 11 22:49:06.708214 2022] [:error] [pid 2990702] [client 167.114.77.1:56161] [client 167.114.77.1] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y27DUt6idlBSkXh@9EDDHAAAAAA"]
[Fri Nov 11 22:49:06.708837 2022] [:error] [pid 2990702] [client 167.114.77.1:56161] [client 167.114.77.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y27DUt6idlBSkXh@9EDDHAAAAAA"]
[Fri Nov 11 22:49:06.709030 2022] [:error] [pid 2990702] [client 167.114.77.1:56161] [client 167.114.77.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y27DUt6idlBSkXh@9EDDHAAAAAA"]
[Fri Nov 11 22:55:04.902449 2022] [:error] [pid 2990674] [client 205.210.31.159:59368] [client 205.210.31.159] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27EuMkrMLTdab@F8L4s4AAAAAY"]
[Fri Nov 11 22:59:50.072072 2022] [:error] [pid 2992501] [client 192.241.195.53:39918] [client 192.241.195.53] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y27F1kU9uZ0AzUwP93loSgAAAAM"]
[Fri Nov 11 22:59:50.072216 2022] [:error] [pid 2992501] [client 192.241.195.53:39918] [client 192.241.195.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y27F1kU9uZ0AzUwP93loSgAAAAM"]
[Fri Nov 11 22:59:50.072560 2022] [:error] [pid 2992501] [client 192.241.195.53:39918] [client 192.241.195.53] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y27F1kU9uZ0AzUwP93loSgAAAAM"]
[Fri Nov 11 22:59:50.072730 2022] [:error] [pid 2992501] [client 192.241.195.53:39918] [client 192.241.195.53] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y27F1kU9uZ0AzUwP93loSgAAAAM"]
[Fri Nov 11 23:00:25.028791 2022] [:error] [pid 2990670] [client 162.221.192.90:38100] [client 162.221.192.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27F@VO2jU2gpk0u0E8UcAAAAAI"]
[Fri Nov 11 23:09:06.533822 2022] [:error] [pid 2990670] [client 194.180.48.125:52036] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y27IAlO2jU2gpk0u0E8UcQAAAAI"]
[Fri Nov 11 23:13:05.598070 2022] [:error] [pid 3002749] [client 152.89.196.211:40664] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27I8YK0iYVNmqZD83OudwAAAAU"]
[Sat Nov 12 00:17:38.735762 2022] [:error] [pid 3003822] [client 152.89.196.211:47262] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/console/"] [unique_id "Y27YEvcIq4WpPN4UQ4cSKgAAAAE"]
[Sat Nov 12 00:18:28.013228 2022] [:error] [pid 3003823] [client 128.14.209.162:55614] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27YRCvTjlfWJTIkkSsGsgAAAAk"]
[Sat Nov 12 00:28:03.974022 2022] [:error] [pid 3003821] [client 152.89.196.211:55276] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "Y27ag3VfzrxmckSWDpD7BAAAAAg"]
[Sat Nov 12 01:29:04.331515 2022] [:error] [pid 3003821] [client 172.104.193.53:57898] [client 172.104.193.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27o0HVfzrxmckSWDpD7BgAAAAg"]
[Sat Nov 12 01:38:46.448659 2022] [:error] [pid 3003856] [client 152.89.196.211:41604] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27rFgOZYL22AjbAmE6M1gAAAAA"]
[Sat Nov 12 01:59:48.550133 2022] [:error] [pid 3003823] [client 128.14.224.248:45210] [client 128.14.224.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y27wBCvTjlfWJTIkkSsGtgAAAAk"]
[Sat Nov 12 02:00:08.370308 2022] [:error] [pid 3003856] [client 128.14.224.248:53330] [client 128.14.224.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y27wGAOZYL22AjbAmE6M1wAAAAA"]
[Sat Nov 12 02:00:27.610026 2022] [:error] [pid 3004536] [client 128.14.224.248:33894] [client 128.14.224.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y27wK2V0ufGZ0LdhAInGswAAAAM"]
[Sat Nov 12 02:00:43.716977 2022] [:error] [pid 3003824] [client 128.14.224.248:39932] [client 128.14.224.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/sitemap.xml"] [unique_id "Y27wO-21VBey29vyFkicuwAAAAY"]
[Sat Nov 12 02:04:26.585298 2022] [:error] [pid 3004536] [client 152.89.196.211:47982] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y27xGmV0ufGZ0LdhAInGtAAAAAM"]
[Sat Nov 12 03:57:10.314514 2022] [:error] [pid 3004536] [client 128.14.134.134:45828] [client 128.14.134.134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28LhmV0ufGZ0LdhAInGtwAAAAM"]
[Sat Nov 12 03:57:50.583790 2022] [:error] [pid 3003824] [client 194.180.48.125:41196] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y28Lrv21VBey29vyFkicvwAAAAY"]
[Sat Nov 12 04:11:02.402428 2022] [:error] [pid 3003856] [client 192.241.199.105:59330] [client 192.241.199.105] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y28OxgOZYL22AjbAmE6M2wAAAAA"]
[Sat Nov 12 04:11:02.402562 2022] [:error] [pid 3003856] [client 192.241.199.105:59330] [client 192.241.199.105] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y28OxgOZYL22AjbAmE6M2wAAAAA"]
[Sat Nov 12 04:11:02.403242 2022] [:error] [pid 3003856] [client 192.241.199.105:59330] [client 192.241.199.105] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y28OxgOZYL22AjbAmE6M2wAAAAA"]
[Sat Nov 12 04:11:02.403473 2022] [:error] [pid 3003856] [client 192.241.199.105:59330] [client 192.241.199.105] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y28OxgOZYL22AjbAmE6M2wAAAAA"]
[Sat Nov 12 04:22:03.292046 2022] [:error] [pid 3003821] [client 192.241.192.92:33136] [client 192.241.192.92] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28RW3VfzrxmckSWDpD7DAAAAAg"]
[Sat Nov 12 04:22:03.292226 2022] [:error] [pid 3003821] [client 192.241.192.92:33136] [client 192.241.192.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28RW3VfzrxmckSWDpD7DAAAAAg"]
[Sat Nov 12 04:22:03.292600 2022] [:error] [pid 3003821] [client 192.241.192.92:33136] [client 192.241.192.92] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28RW3VfzrxmckSWDpD7DAAAAAg"]
[Sat Nov 12 04:22:03.292773 2022] [:error] [pid 3003821] [client 192.241.192.92:33136] [client 192.241.192.92] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28RW3VfzrxmckSWDpD7DAAAAAg"]
[Sat Nov 12 06:49:25.775881 2022] [:error] [pid 3003856] [client 23.251.102.74:55920] [client 23.251.102.74] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y28z5QOZYL22AjbAmE6M3gAAAAA"]
[Sat Nov 12 07:14:04.707586 2022] [:error] [pid 3003822] [client 194.110.203.60:52042] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/service/rest/swagger.json"] [unique_id "Y285rPcIq4WpPN4UQ4cSNgAAAAE"]
[Sat Nov 12 07:29:45.948615 2022] [:error] [pid 3003824] [client 183.136.225.32:9235] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y289Wf21VBey29vyFkicxAAAAAY"]
[Sat Nov 12 09:20:44.112539 2022] [:error] [pid 3003824] [client 159.203.17.227:55802] [client 159.203.17.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y29XXP21VBey29vyFkicxwAAAAY"]
[Sat Nov 12 09:20:46.044681 2022] [:error] [pid 3003823] [client 159.203.17.227:55824] [client 159.203.17.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y29XXivTjlfWJTIkkSsGwQAAAAk"]
[Sat Nov 12 09:20:50.158609 2022] [:error] [pid 3003821] [client 159.203.17.227:34944] [client 159.203.17.227] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y29XYnVfzrxmckSWDpD7EwAAAAg"]
[Sat Nov 12 09:20:50.158709 2022] [:error] [pid 3003821] [client 159.203.17.227:34944] [client 159.203.17.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y29XYnVfzrxmckSWDpD7EwAAAAg"]
[Sat Nov 12 09:20:50.159026 2022] [:error] [pid 3003821] [client 159.203.17.227:34944] [client 159.203.17.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y29XYnVfzrxmckSWDpD7EwAAAAg"]
[Sat Nov 12 09:20:50.159212 2022] [:error] [pid 3003821] [client 159.203.17.227:34944] [client 159.203.17.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y29XYnVfzrxmckSWDpD7EwAAAAg"]
[Sat Nov 12 10:12:49.436912 2022] [:error] [pid 3009472] [client 194.180.48.125:53410] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y29jkeysGbVdowfz9NaUqwAAAAQ"]
[Sat Nov 12 11:33:14.327545 2022] [:error] [pid 3003822] [client 20.238.41.0:50049] [client 20.238.41.0] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y292avcIq4WpPN4UQ4cSPQAAAAE"]
[Sat Nov 12 12:23:52.173577 2022] [:error] [pid 3004536] [client 128.14.209.162:51342] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@CSGV0ufGZ0LdhAInGxAAAAAM"]
[Sat Nov 12 13:40:46.604519 2022] [:error] [pid 3003822] [client 194.180.48.125:35014] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y2@UTvcIq4WpPN4UQ4cSQgAAAAE"]
[Sat Nov 12 14:49:03.845754 2022] [:error] [pid 3003821] [client 198.199.95.203:58788] [client 198.199.95.203] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y2@kT3VfzrxmckSWDpD7HAAAAAg"]
[Sat Nov 12 14:49:03.845876 2022] [:error] [pid 3003821] [client 198.199.95.203:58788] [client 198.199.95.203] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y2@kT3VfzrxmckSWDpD7HAAAAAg"]
[Sat Nov 12 14:49:03.846585 2022] [:error] [pid 3003821] [client 198.199.95.203:58788] [client 198.199.95.203] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y2@kT3VfzrxmckSWDpD7HAAAAAg"]
[Sat Nov 12 14:49:03.846773 2022] [:error] [pid 3003821] [client 198.199.95.203:58788] [client 198.199.95.203] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y2@kT3VfzrxmckSWDpD7HAAAAAg"]
[Sat Nov 12 14:55:00.639109 2022] [:error] [pid 3003824] [client 167.248.133.119:48412] [client 167.248.133.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@ltP21VBey29vyFkic0AAAAAY"]
[Sat Nov 12 14:57:39.178049 2022] [:error] [pid 3009472] [client 184.105.139.95:45495] [client 184.105.139.95] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@mU@ysGbVdowfz9NaUtAAAAAQ"]
[Sat Nov 12 15:04:25.151535 2022] [:error] [pid 3009472] [client 154.209.125.119:39508] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@n6eysGbVdowfz9NaUtQAAAAQ"]
[Sat Nov 12 15:07:43.188686 2022] [:error] [pid 3003821] [client 184.105.139.87:10381] [client 184.105.139.87] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y2@or3VfzrxmckSWDpD7HwAAAAg"]
[Sat Nov 12 15:13:49.618627 2022] [:error] [pid 3003822] [client 184.105.139.71:62621] [client 184.105.139.71] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@qHfcIq4WpPN4UQ4cSRgAAAAE"]
[Sat Nov 12 15:14:41.185366 2022] [:error] [pid 3003820] [client 184.105.139.115:52819] [client 184.105.139.115] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y2@qUfFpFjvXy7f9BxToPQAAAAI"]
[Sat Nov 12 15:14:41.185545 2022] [:error] [pid 3003820] [client 184.105.139.115:52819] [client 184.105.139.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y2@qUfFpFjvXy7f9BxToPQAAAAI"]
[Sat Nov 12 15:14:41.185783 2022] [:error] [pid 3003820] [client 184.105.139.115:52819] [client 184.105.139.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y2@qUfFpFjvXy7f9BxToPQAAAAI"]
[Sat Nov 12 15:14:41.185961 2022] [:error] [pid 3003820] [client 184.105.139.115:52819] [client 184.105.139.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y2@qUfFpFjvXy7f9BxToPQAAAAI"]
[Sat Nov 12 15:32:36.271954 2022] [:error] [pid 3003821] [client 165.227.111.25:56826] [client 165.227.111.25] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@uhHVfzrxmckSWDpD7IAAAAAg"]
[Sat Nov 12 15:34:38.606055 2022] [:error] [pid 3009472] [client 113.16.157.15:43216] [client 113.16.157.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@u-uysGbVdowfz9NaUtwAAAAQ"]
[Sat Nov 12 16:09:35.186150 2022] [:error] [pid 3003856] [client 94.102.61.8:45618] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2@3LwOZYL22AjbAmE6M7gAAAAA"]
[Sat Nov 12 18:07:23.436346 2022] [:error] [pid 3003856] [client 152.89.196.211:46558] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-SywOZYL22AjbAmE6M7wAAAAA"]
[Sat Nov 12 18:15:44.592275 2022] [:error] [pid 3003824] [client 23.251.102.74:53160] [client 23.251.102.74] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-UwP21VBey29vyFkic1gAAAAY"]
[Sat Nov 12 19:37:38.017192 2022] [:error] [pid 3003823] [client 34.140.248.32:47100] [client 34.140.248.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-n8ivTjlfWJTIkkSsGzQAAAAk"]
[Sat Nov 12 19:49:36.563136 2022] [:error] [pid 3003822] [client 152.89.196.211:36154] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-qwPcIq4WpPN4UQ4cSTAAAAAE"]
[Sat Nov 12 20:07:49.981752 2022] [:error] [pid 3003821] [client 181.214.206.161:33320] [client 181.214.206.161] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "628"] [id "920330"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-vBXVfzrxmckSWDpD7JwAAAAg"]
[Sat Nov 12 20:07:49.981802 2022] [:error] [pid 3003821] [client 181.214.206.161:33320] [client 181.214.206.161] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-vBXVfzrxmckSWDpD7JwAAAAg"]
[Sat Nov 12 20:07:49.982127 2022] [:error] [pid 3003821] [client 181.214.206.161:33320] [client 181.214.206.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-vBXVfzrxmckSWDpD7JwAAAAg"]
[Sat Nov 12 20:07:49.982282 2022] [:error] [pid 3003821] [client 181.214.206.161:33320] [client 181.214.206.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-vBXVfzrxmckSWDpD7JwAAAAg"]
[Sat Nov 12 20:33:46.662288 2022] [:error] [pid 3003824] [client 87.236.176.249:50349] [client 87.236.176.249] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-1Gv21VBey29vyFkic2QAAAAY"]
[Sat Nov 12 21:12:12.733360 2022] [:error] [pid 3004536] [client 88.247.8.95:52510] [client 88.247.8.95] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y2-@HGV0ufGZ0LdhAInG0AAAAAM"]
[Sat Nov 12 21:45:24.122506 2022] [:error] [pid 3003821] [client 87.212.185.165:40845] [client 87.212.185.165] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3AF5HVfzrxmckSWDpD7KQAAAAg"]
[Sat Nov 12 22:26:21.435733 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 22:26:21.437682 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 22:26:21.437732 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 22:26:21.437774 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 22:26:21.438300 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 22:26:21.438468 2022] [:error] [pid 3003824] [client 45.134.144.48:38708] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3APff21VBey29vyFkic3AAAAAY"]
[Sat Nov 12 23:37:53.392127 2022] [:error] [pid 3003823] [client 162.221.192.26:44588] [client 162.221.192.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3AgQSvTjlfWJTIkkSsG0AAAAAk"]
[Sun Nov 13 02:08:45.446022 2022] [:error] [pid 3016836] [client 193.118.53.210:37886] [client 193.118.53.210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BDnSiF6lwxxr0gSO6sPwAAAAA"]
[Sun Nov 13 04:15:13.490638 2022] [:error] [pid 3016809] [client 192.241.212.132:45128] [client 192.241.212.132] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3BhQRfcNNdWKYJtr2cxwgAAAAs"]
[Sun Nov 13 04:15:13.490762 2022] [:error] [pid 3016809] [client 192.241.212.132:45128] [client 192.241.212.132] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3BhQRfcNNdWKYJtr2cxwgAAAAs"]
[Sun Nov 13 04:15:13.491416 2022] [:error] [pid 3016809] [client 192.241.212.132:45128] [client 192.241.212.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3BhQRfcNNdWKYJtr2cxwgAAAAs"]
[Sun Nov 13 04:15:13.491590 2022] [:error] [pid 3016809] [client 192.241.212.132:45128] [client 192.241.212.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3BhQRfcNNdWKYJtr2cxwgAAAAs"]
[Sun Nov 13 04:31:51.866664 2022] [:error] [pid 3016836] [client 192.241.208.203:46328] [client 192.241.208.203] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BlJyiF6lwxxr0gSO6sQgAAAAA"]
[Sun Nov 13 04:31:51.866785 2022] [:error] [pid 3016836] [client 192.241.208.203:46328] [client 192.241.208.203] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BlJyiF6lwxxr0gSO6sQgAAAAA"]
[Sun Nov 13 04:31:51.867194 2022] [:error] [pid 3016836] [client 192.241.208.203:46328] [client 192.241.208.203] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BlJyiF6lwxxr0gSO6sQgAAAAA"]
[Sun Nov 13 04:31:51.867533 2022] [:error] [pid 3016836] [client 192.241.208.203:46328] [client 192.241.208.203] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BlJyiF6lwxxr0gSO6sQgAAAAA"]
[Sun Nov 13 04:42:01.051606 2022] [:error] [pid 3016808] [client 23.251.102.74:45050] [client 23.251.102.74] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3BnidnptZOO114F8jcy@gAAAAo"]
[Sun Nov 13 06:15:22.140284 2022] [:error] [pid 3016836] [client 43.158.215.27:45128] [client 43.158.215.27] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3B9aiiF6lwxxr0gSO6sRAAAAAA"]
[Sun Nov 13 06:16:06.486783 2022] [:error] [pid 3016807] [client 64.62.197.180:40817] [client 64.62.197.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3B9lqDCKga7Fe8NlITfWwAAAAc"]
[Sun Nov 13 06:24:55.961109 2022] [:error] [pid 3016809] [client 64.62.197.179:57251] [client 64.62.197.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3B-pxfcNNdWKYJtr2cx5AAAAAs"]
[Sun Nov 13 06:28:21.561156 2022] [:error] [pid 3017879] [client 64.62.197.180:48125] [client 64.62.197.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3CAdTNUsUlUKu4J87@1VQAAAAE"]
[Sun Nov 13 06:29:04.768540 2022] [:error] [pid 3016806] [client 64.62.197.180:12179] [client 64.62.197.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CAoHF8fY2ep1MnuWliVwAAAAU"]
[Sun Nov 13 06:29:04.768744 2022] [:error] [pid 3016806] [client 64.62.197.180:12179] [client 64.62.197.180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CAoHF8fY2ep1MnuWliVwAAAAU"]
[Sun Nov 13 06:29:04.768998 2022] [:error] [pid 3016806] [client 64.62.197.180:12179] [client 64.62.197.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CAoHF8fY2ep1MnuWliVwAAAAU"]
[Sun Nov 13 06:29:04.769187 2022] [:error] [pid 3016806] [client 64.62.197.180:12179] [client 64.62.197.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CAoHF8fY2ep1MnuWliVwAAAAU"]
[Sun Nov 13 06:29:42.915257 2022] [:error] [pid 3016793] [client 192.241.192.164:44690] [client 192.241.192.164] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3CAxnWt4Eybf7exxAxeVwAAAAk"]
[Sun Nov 13 06:29:42.915389 2022] [:error] [pid 3016793] [client 192.241.192.164:44690] [client 192.241.192.164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3CAxnWt4Eybf7exxAxeVwAAAAk"]
[Sun Nov 13 06:29:42.915727 2022] [:error] [pid 3016793] [client 192.241.192.164:44690] [client 192.241.192.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3CAxnWt4Eybf7exxAxeVwAAAAk"]
[Sun Nov 13 06:29:42.915896 2022] [:error] [pid 3016793] [client 192.241.192.164:44690] [client 192.241.192.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3CAxnWt4Eybf7exxAxeVwAAAAk"]
[Sun Nov 13 06:38:43.281097 2022] [:error] [pid 3017879] [client 147.182.155.59:49112] [client 147.182.155.59] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3CC4zNUsUlUKu4J87@1VgAAAAE"]
[Sun Nov 13 06:38:47.569632 2022] [:error] [pid 3016808] [client 147.182.155.59:55106] [client 147.182.155.59] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3CC59nptZOO114F8jcy-QAAAAo"]
[Sun Nov 13 06:38:47.569739 2022] [:error] [pid 3016808] [client 147.182.155.59:55106] [client 147.182.155.59] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3CC59nptZOO114F8jcy-QAAAAo"]
[Sun Nov 13 06:38:47.570067 2022] [:error] [pid 3016808] [client 147.182.155.59:55106] [client 147.182.155.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3CC59nptZOO114F8jcy-QAAAAo"]
[Sun Nov 13 06:38:47.570246 2022] [:error] [pid 3016808] [client 147.182.155.59:55106] [client 147.182.155.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3CC59nptZOO114F8jcy-QAAAAo"]
[Sun Nov 13 07:21:06.822315 2022] [:error] [pid 3016807] [client 20.83.209.255:53262] [client 20.83.209.255] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CM0qDCKga7Fe8NlITfXgAAAAc"]
[Sun Nov 13 07:21:06.822517 2022] [:error] [pid 3016807] [client 20.83.209.255:53262] [client 20.83.209.255] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CM0qDCKga7Fe8NlITfXgAAAAc"]
[Sun Nov 13 07:21:06.822787 2022] [:error] [pid 3016807] [client 20.83.209.255:53262] [client 20.83.209.255] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CM0qDCKga7Fe8NlITfXgAAAAc"]
[Sun Nov 13 07:21:06.822962 2022] [:error] [pid 3016807] [client 20.83.209.255:53262] [client 20.83.209.255] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3CM0qDCKga7Fe8NlITfXgAAAAc"]
[Sun Nov 13 10:09:18.602485 2022] [:error] [pid 3016793] [client 195.96.137.5:45601] [client 195.96.137.5] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3C0PnWt4Eybf7exxAxeXAAAAAk"]
[Sun Nov 13 10:09:18.862648 2022] [:error] [pid 3016807] [client 195.96.137.5:53612] [client 195.96.137.5] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3C0PqDCKga7Fe8NlITfXwAAAAc"]
[Sun Nov 13 10:09:18.958196 2022] [:error] [pid 3022991] [client 195.96.137.5:21097] [client 195.96.137.5] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/sdk"] [unique_id "Y3C0PhpNe9SZna5iH93PkwAAAAI"]
[Sun Nov 13 10:09:19.467866 2022] [authz_core:error] [pid 3017879] [client 195.96.137.5:65064] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sun Nov 13 10:09:19.663985 2022] [:error] [pid 3022991] [client 195.96.137.5:46359] [client 195.96.137.5] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".dll"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3C0PxpNe9SZna5iH93PlgAAAAI"]
[Sun Nov 13 10:09:19.664364 2022] [:error] [pid 3022991] [client 195.96.137.5:46359] [client 195.96.137.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3C0PxpNe9SZna5iH93PlgAAAAI"]
[Sun Nov 13 10:09:19.664530 2022] [:error] [pid 3022991] [client 195.96.137.5:46359] [client 195.96.137.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3C0PxpNe9SZna5iH93PlgAAAAI"]
[Sun Nov 13 10:09:19.712571 2022] [:error] [pid 3017879] [client 195.96.137.5:37581] [client 195.96.137.5] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "37.186.153.126"] [uri "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"] [unique_id "Y3C0PzNUsUlUKu4J87@1YgAAAAE"]
[Sun Nov 13 10:09:19.898076 2022] [:error] [pid 3016808] [client 195.96.137.5:27656] [client 195.96.137.5] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3C0P9nptZOO114F8jczBwAAAAo"]
[Sun Nov 13 10:09:19.898237 2022] [:error] [pid 3016808] [client 195.96.137.5:27656] [client 195.96.137.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3C0P9nptZOO114F8jczBwAAAAo"]
[Sun Nov 13 10:09:19.898363 2022] [:error] [pid 3016808] [client 195.96.137.5:27656] [client 195.96.137.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3C0P9nptZOO114F8jczBwAAAAo"]
[Sun Nov 13 10:09:23.162369 2022] [:error] [pid 3016836] [client 195.96.137.5:13898] [client 195.96.137.5] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/base.inc"] [unique_id "Y3C0QyiF6lwxxr0gSO6sVwAAAAA"]
[Sun Nov 13 10:09:23.162688 2022] [:error] [pid 3016836] [client 195.96.137.5:13898] [client 195.96.137.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/base.inc"] [unique_id "Y3C0QyiF6lwxxr0gSO6sVwAAAAA"]
[Sun Nov 13 10:09:23.162848 2022] [:error] [pid 3016836] [client 195.96.137.5:13898] [client 195.96.137.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/base.inc"] [unique_id "Y3C0QyiF6lwxxr0gSO6sVwAAAAA"]
[Sun Nov 13 10:09:37.815459 2022] [:error] [pid 3016806] [client 195.96.137.5:13753] [client 195.96.137.5] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3C0UXF8fY2ep1MnuWliYgAAAAU"]
[Sun Nov 13 10:36:16.792822 2022] [:error] [pid 3016808] [client 167.248.133.45:56124] [client 167.248.133.45] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3C6kNnptZOO114F8jczIgAAAAo"]
[Sun Nov 13 10:36:17.203085 2022] [:error] [pid 3016807] [client 167.248.133.45:52468] [client 167.248.133.45] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3C6kaDCKga7Fe8NlITfeQAAAAc"]
[Sun Nov 13 12:14:20.172639 2022] [:error] [pid 3016808] [client 192.241.210.196:39698] [client 192.241.210.196] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3DRjNnptZOO114F8jczJQAAAAo"]
[Sun Nov 13 12:14:20.172773 2022] [:error] [pid 3016808] [client 192.241.210.196:39698] [client 192.241.210.196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3DRjNnptZOO114F8jczJQAAAAo"]
[Sun Nov 13 12:14:20.173179 2022] [:error] [pid 3016808] [client 192.241.210.196:39698] [client 192.241.210.196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3DRjNnptZOO114F8jczJQAAAAo"]
[Sun Nov 13 12:14:20.173369 2022] [:error] [pid 3016808] [client 192.241.210.196:39698] [client 192.241.210.196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3DRjNnptZOO114F8jczJQAAAAo"]
[Sun Nov 13 12:15:27.098268 2022] [:error] [pid 3016807] [client 198.199.95.173:33098] [client 198.199.95.173] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3DRz6DCKga7Fe8NlITffAAAAAc"]
[Sun Nov 13 12:15:27.098406 2022] [:error] [pid 3016807] [client 198.199.95.173:33098] [client 198.199.95.173] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3DRz6DCKga7Fe8NlITffAAAAAc"]
[Sun Nov 13 12:15:27.098826 2022] [:error] [pid 3016807] [client 198.199.95.173:33098] [client 198.199.95.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3DRz6DCKga7Fe8NlITffAAAAAc"]
[Sun Nov 13 12:15:27.099046 2022] [:error] [pid 3016807] [client 198.199.95.173:33098] [client 198.199.95.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3DRz6DCKga7Fe8NlITffAAAAAc"]
[Sun Nov 13 12:15:57.346059 2022] [:error] [pid 3016793] [client 192.241.196.120:36914] [client 192.241.196.120] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3DR7XWt4Eybf7exxAxegQAAAAk"]
[Sun Nov 13 12:15:57.346177 2022] [:error] [pid 3016793] [client 192.241.196.120:36914] [client 192.241.196.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3DR7XWt4Eybf7exxAxegQAAAAk"]
[Sun Nov 13 12:15:57.347260 2022] [:error] [pid 3016793] [client 192.241.196.120:36914] [client 192.241.196.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3DR7XWt4Eybf7exxAxegQAAAAk"]
[Sun Nov 13 12:15:57.347440 2022] [:error] [pid 3016793] [client 192.241.196.120:36914] [client 192.241.196.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3DR7XWt4Eybf7exxAxegQAAAAk"]
[Sun Nov 13 12:52:44.153996 2022] [:error] [pid 3016808] [client 167.94.138.46:55870] [client 167.94.138.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3DajNnptZOO114F8jczJgAAAAo"]
[Sun Nov 13 12:52:44.622621 2022] [:error] [pid 3016807] [client 167.94.138.46:59508] [client 167.94.138.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3DajKDCKga7Fe8NlITffQAAAAc"]
[Sun Nov 13 13:01:01.020292 2022] [:error] [pid 3016836] [client 193.118.53.194:57952] [client 193.118.53.194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/cgi-bin/config.exp"] [unique_id "Y3DcfSiF6lwxxr0gSO6sbwAAAAA"]
[Sun Nov 13 14:20:37.674716 2022] [:error] [pid 3016793] [client 162.221.192.26:50236] [client 162.221.192.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3DvJXWt4Eybf7exxAxegwAAAAk"]
[Sun Nov 13 14:47:15.973744 2022] [:error] [pid 3016809] [client 162.142.125.211:35666] [client 162.142.125.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3D1YxfcNNdWKYJtr2cyEAAAAAs"]
[Sun Nov 13 15:04:45.708111 2022] [:error] [pid 3017879] [client 154.209.125.119:39513] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3D5fTNUsUlUKu4J87@1bwAAAAE"]
[Sun Nov 13 15:35:59.980590 2022] [:error] [pid 3022991] [client 152.89.196.211:36844] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3EAzxpNe9SZna5iH93PuAAAAAI"]
[Sun Nov 13 17:35:28.983771 2022] [:error] [pid 3016808] [client 152.89.196.211:45942] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3Ec0NnptZOO114F8jczLwAAAAo"]
[Sun Nov 13 17:51:59.963278 2022] [:error] [pid 3016807] [client 109.206.243.220:58184] [client 109.206.243.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3Egr6DCKga7Fe8NlITfhQAAAAc"]
[Sun Nov 13 18:32:28.513668 2022] [:error] [pid 3016809] [client 192.241.208.117:44794] [client 192.241.208.117] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3EqLBfcNNdWKYJtr2cyFQAAAAs"]
[Sun Nov 13 18:32:28.513806 2022] [:error] [pid 3016809] [client 192.241.208.117:44794] [client 192.241.208.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3EqLBfcNNdWKYJtr2cyFQAAAAs"]
[Sun Nov 13 18:32:28.514453 2022] [:error] [pid 3016809] [client 192.241.208.117:44794] [client 192.241.208.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3EqLBfcNNdWKYJtr2cyFQAAAAs"]
[Sun Nov 13 18:32:28.514635 2022] [:error] [pid 3016809] [client 192.241.208.117:44794] [client 192.241.208.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3EqLBfcNNdWKYJtr2cyFQAAAAs"]
[Sun Nov 13 19:31:37.902749 2022] [:error] [pid 3016806] [client 34.78.6.216:59224] [client 34.78.6.216] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3E4CXF8fY2ep1MnuWlibwAAAAU"]
[Sun Nov 13 20:01:27.613545 2022] [:error] [pid 3016806] [client 109.237.98.226:47710] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3E-B3F8fY2ep1MnuWlicQAAAAU"]
[Sun Nov 13 20:01:27.613785 2022] [:error] [pid 3016806] [client 109.237.98.226:47710] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3E-B3F8fY2ep1MnuWlicQAAAAU"]
[Sun Nov 13 20:01:27.614065 2022] [:error] [pid 3016806] [client 109.237.98.226:47710] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3E-B3F8fY2ep1MnuWlicQAAAAU"]
[Sun Nov 13 20:01:27.614256 2022] [:error] [pid 3016806] [client 109.237.98.226:47710] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3E-B3F8fY2ep1MnuWlicQAAAAU"]
[Sun Nov 13 20:22:58.662226 2022] [:error] [pid 3027889] [client 162.221.192.26:51166] [client 162.221.192.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3FEEjitMMLTBhV19TQebQAAAAs"]
[Sun Nov 13 22:33:33.488345 2022] [:error] [pid 3017879] [client 154.89.5.209:59640] [client 154.89.5.209] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3FirTNUsUlUKu4J87@1zwAAAAE"]
[Mon Nov 14 02:12:00.443769 2022] [:error] [pid 3029940] [client 93.177.103.215:47896] [client 93.177.103.215] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GV4Ck49TsA8AE0Z7dlkgAAAAo"]
[Mon Nov 14 02:12:00.444034 2022] [:error] [pid 3029940] [client 93.177.103.215:47896] [client 93.177.103.215] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GV4Ck49TsA8AE0Z7dlkgAAAAo"]
[Mon Nov 14 02:12:00.444402 2022] [:error] [pid 3029940] [client 93.177.103.215:47896] [client 93.177.103.215] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GV4Ck49TsA8AE0Z7dlkgAAAAo"]
[Mon Nov 14 02:12:00.444623 2022] [:error] [pid 3029940] [client 93.177.103.215:47896] [client 93.177.103.215] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GV4Ck49TsA8AE0Z7dlkgAAAAo"]
[Mon Nov 14 04:10:46.689399 2022] [:error] [pid 3029938] [client 4.233.106.66:49543] [client 4.233.106.66] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GxtnpJmgTQZu85SZzwlAAAAAU"]
[Mon Nov 14 04:10:46.689601 2022] [:error] [pid 3029938] [client 4.233.106.66:49543] [client 4.233.106.66] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GxtnpJmgTQZu85SZzwlAAAAAU"]
[Mon Nov 14 04:10:46.689851 2022] [:error] [pid 3029938] [client 4.233.106.66:49543] [client 4.233.106.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GxtnpJmgTQZu85SZzwlAAAAAU"]
[Mon Nov 14 04:10:46.690038 2022] [:error] [pid 3029938] [client 4.233.106.66:49543] [client 4.233.106.66] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3GxtnpJmgTQZu85SZzwlAAAAAU"]
[Mon Nov 14 04:10:46.775414 2022] [:error] [pid 3029940] [client 4.233.106.66:49550] [client 4.233.106.66] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Gxtik49TsA8AE0Z7dllQAAAAo"]
[Mon Nov 14 04:22:29.960760 2022] [:error] [pid 3029941] [client 192.241.199.201:46986] [client 192.241.199.201] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3G0dV35efOleDD6NO5VOQAAAAE"]
[Mon Nov 14 04:22:29.960893 2022] [:error] [pid 3029941] [client 192.241.199.201:46986] [client 192.241.199.201] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3G0dV35efOleDD6NO5VOQAAAAE"]
[Mon Nov 14 04:22:29.961515 2022] [:error] [pid 3029941] [client 192.241.199.201:46986] [client 192.241.199.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3G0dV35efOleDD6NO5VOQAAAAE"]
[Mon Nov 14 04:22:29.961709 2022] [:error] [pid 3029941] [client 192.241.199.201:46986] [client 192.241.199.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3G0dV35efOleDD6NO5VOQAAAAE"]
[Mon Nov 14 04:36:09.056410 2022] [:error] [pid 3029938] [client 198.199.94.194:47314] [client 198.199.94.194] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3G3qXpJmgTQZu85SZzwlQAAAAU"]
[Mon Nov 14 04:36:09.056517 2022] [:error] [pid 3029938] [client 198.199.94.194:47314] [client 198.199.94.194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3G3qXpJmgTQZu85SZzwlQAAAAU"]
[Mon Nov 14 04:36:09.056823 2022] [:error] [pid 3029938] [client 198.199.94.194:47314] [client 198.199.94.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3G3qXpJmgTQZu85SZzwlQAAAAU"]
[Mon Nov 14 04:36:09.056991 2022] [:error] [pid 3029938] [client 198.199.94.194:47314] [client 198.199.94.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3G3qXpJmgTQZu85SZzwlQAAAAU"]
[Mon Nov 14 07:02:42.951987 2022] [:error] [pid 3029938] [client 52.53.167.163:48448] [client 52.53.167.163] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3HaAnpJmgTQZu85SZzwmQAAAAU"]
[Mon Nov 14 07:47:44.251778 2022] [:error] [pid 3029939] [client 170.178.217.103:37224] [client 170.178.217.103] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3HkkB6nmIX-XAaT7YZZIAAAAAc"]
[Mon Nov 14 07:55:48.679830 2022] [:error] [pid 3029938] [client 64.62.197.48:14073] [client 64.62.197.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3HmdHpJmgTQZu85SZzwmwAAAAU"]
[Mon Nov 14 08:03:56.772479 2022] [:error] [pid 3029951] [client 64.62.197.53:62445] [client 64.62.197.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3HoXDyf3pkZGuMo3KSemQAAAAA"]
[Mon Nov 14 08:07:46.255216 2022] [:error] [pid 3033597] [client 64.62.197.51:36711] [client 64.62.197.51] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3HpQra-wVUPp6qtknddcAAAAAI"]
[Mon Nov 14 08:08:50.322421 2022] [:error] [pid 3029942] [client 64.62.197.51:28365] [client 64.62.197.51] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3HpgpZhMk0BZv2MTdLj6gAAAAg"]
[Mon Nov 14 08:08:50.322607 2022] [:error] [pid 3029942] [client 64.62.197.51:28365] [client 64.62.197.51] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3HpgpZhMk0BZv2MTdLj6gAAAAg"]
[Mon Nov 14 08:08:50.322851 2022] [:error] [pid 3029942] [client 64.62.197.51:28365] [client 64.62.197.51] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3HpgpZhMk0BZv2MTdLj6gAAAAg"]
[Mon Nov 14 08:08:50.323023 2022] [:error] [pid 3029942] [client 64.62.197.51:28365] [client 64.62.197.51] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3HpgpZhMk0BZv2MTdLj6gAAAAg"]
[Mon Nov 14 10:36:56.546325 2022] [:error] [pid 3035297] [client 128.1.248.26:51094] [client 128.1.248.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3IMONtRFCNp-nfj6Yt5hwAAAAU"]
[Mon Nov 14 11:15:21.620776 2022] [:error] [pid 3033983] [client 168.119.172.232:64816] [client 168.119.172.232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3IVOTc@yhbbkRbraNXYHgAAAAM"]
[Mon Nov 14 11:15:21.620988 2022] [:error] [pid 3033983] [client 168.119.172.232:64816] [client 168.119.172.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3IVOTc@yhbbkRbraNXYHgAAAAM"]
[Mon Nov 14 11:15:21.621243 2022] [:error] [pid 3033983] [client 168.119.172.232:64816] [client 168.119.172.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3IVOTc@yhbbkRbraNXYHgAAAAM"]
[Mon Nov 14 11:15:21.621439 2022] [:error] [pid 3033983] [client 168.119.172.232:64816] [client 168.119.172.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3IVOTc@yhbbkRbraNXYHgAAAAM"]
[Mon Nov 14 11:15:21.714993 2022] [:error] [pid 3029942] [client 168.119.172.232:64821] [client 168.119.172.232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3IVOZZhMk0BZv2MTdLkOgAAAAg"]
[Mon Nov 14 12:04:19.667106 2022] [:error] [pid 3029951] [client 94.102.61.8:51524] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Igszyf3pkZGuMo3KSeqwAAAAA"]
[Mon Nov 14 12:11:36.286342 2022] [:error] [pid 3029941] [client 94.102.61.8:39498] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3IiaF35efOleDD6NO5VhwAAAAE"]
[Mon Nov 14 12:14:17.841073 2022] [:error] [pid 3035311] [client 194.110.203.60:56636] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/solr/"] [unique_id "Y3IjCa3R5b0@iDL6-b8c4AAAAAk"]
[Mon Nov 14 12:43:59.357933 2022] [:error] [pid 3029939] [client 106.75.173.138:48464] [client 106.75.173.138] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/t5"] [unique_id "Y3Ip-x6nmIX-XAaT7YZZaQAAAAc"]
[Mon Nov 14 12:54:56.527524 2022] [:error] [pid 3035014] [client 64.227.28.112:35198] [client 64.227.28.112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3IskNoZoBBvitdrYvpQggAAAAQ"]
[Mon Nov 14 13:42:23.094223 2022] [:error] [pid 3035014] [client 152.89.196.211:37704] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3I3r9oZoBBvitdrYvpQgwAAAAQ"]
[Mon Nov 14 15:05:02.408318 2022] [:error] [pid 3035297] [client 154.209.125.119:55918] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3JLDttRFCNp-nfj6Yt55wAAAAU"]
[Mon Nov 14 15:22:14.772259 2022] [:error] [pid 3029951] [client 95.131.46.26:15977] [client 95.131.46.26] ModSecurity: Rule 7efe3f964030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/mui/bookmark/save/key/f554eccec48622ec978d5b04812501e2e48b6b8e57d95c8e99af148872700899/"] [unique_id "Y3JPFjyf3pkZGuMo3KSe3QAAAAA"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product/index/key/21a7247c9704d0df52576b078c15ba1737971e113432bec9733080cdf8f0ab8b/
[Mon Nov 14 15:30:27.065310 2022] [:error] [pid 3035015] [client 152.89.196.211:55080] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3JRA7x9I3w1j99WmK9@fAAAAAY"]
[Mon Nov 14 15:53:43.991095 2022] [:error] [pid 3039170] [client 194.180.48.125:51808] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3JWd6VK1f3-qPFBk2KVuAAAAAQ"]
[Mon Nov 14 16:05:44.634785 2022] [:error] [pid 3035311] [client 104.131.56.248:58846] [client 104.131.56.248] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3JZSK3R5b0@iDL6-b8dLgAAAAk"]
[Mon Nov 14 16:05:44.634956 2022] [:error] [pid 3035311] [client 104.131.56.248:58846] [client 104.131.56.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3JZSK3R5b0@iDL6-b8dLgAAAAk"]
[Mon Nov 14 16:05:44.635478 2022] [:error] [pid 3035311] [client 104.131.56.248:58846] [client 104.131.56.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3JZSK3R5b0@iDL6-b8dLgAAAAk"]
[Mon Nov 14 16:05:44.635732 2022] [:error] [pid 3035311] [client 104.131.56.248:58846] [client 104.131.56.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3JZSK3R5b0@iDL6-b8dLgAAAAk"]
[Mon Nov 14 16:05:45.012850 2022] [:error] [pid 3039117] [client 104.131.56.248:58850] [client 104.131.56.248] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3JZSXDh9ydm2NGfmR7XlAAAAAI"]
[Mon Nov 14 16:05:45.012953 2022] [:error] [pid 3039117] [client 104.131.56.248:58850] [client 104.131.56.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3JZSXDh9ydm2NGfmR7XlAAAAAI"]
[Mon Nov 14 16:05:45.013254 2022] [:error] [pid 3039117] [client 104.131.56.248:58850] [client 104.131.56.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3JZSXDh9ydm2NGfmR7XlAAAAAI"]
[Mon Nov 14 16:05:45.013424 2022] [:error] [pid 3039117] [client 104.131.56.248:58850] [client 104.131.56.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3JZSXDh9ydm2NGfmR7XlAAAAAI"]
[Mon Nov 14 16:05:47.312580 2022] [:error] [pid 3029941] [client 104.131.56.248:41246] [client 104.131.56.248] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3JZS135efOleDD6NO5WIQAAAAE"]
[Mon Nov 14 16:05:47.312714 2022] [:error] [pid 3029941] [client 104.131.56.248:41246] [client 104.131.56.248] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3JZS135efOleDD6NO5WIQAAAAE"]
[Mon Nov 14 16:05:47.313041 2022] [:error] [pid 3029941] [client 104.131.56.248:41246] [client 104.131.56.248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3JZS135efOleDD6NO5WIQAAAAE"]
[Mon Nov 14 16:05:47.313328 2022] [:error] [pid 3029941] [client 104.131.56.248:41246] [client 104.131.56.248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3JZS135efOleDD6NO5WIQAAAAE"]
[Mon Nov 14 16:29:32.046453 2022] [:error] [pid 3029939] [client 167.94.138.44:59224] [client 167.94.138.44] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Je3B6nmIX-XAaT7YZZvgAAAAc"]
[Mon Nov 14 19:07:05.283138 2022] [:error] [pid 3035311] [client 150.117.239.184:57462] [client 150.117.239.184] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3KDya3R5b0@iDL6-b8dMQAAAAk"]
[Mon Nov 14 19:48:44.579275 2022] [:error] [pid 3039117] [client 34.76.158.233:46864] [client 34.76.158.233] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3KNjHDh9ydm2NGfmR7XmAAAAAI"]
[Mon Nov 14 20:03:06.433789 2022] [:error] [pid 3039170] [client 198.235.24.180:58396] [client 198.235.24.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3KQ6qVK1f3-qPFBk2KVvgAAAAQ"]
[Mon Nov 14 20:14:39.302018 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:14:39.302176 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:14:39.302219 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:14:39.302250 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:14:39.302762 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:14:39.302929 2022] [:error] [pid 3035297] [client 185.7.214.218:60496] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3KTn9tRFCNp-nfj6Yt6EwAAAAU"]
[Mon Nov 14 20:31:16.019906 2022] [:error] [pid 3039170] [client 194.110.203.60:56012] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/js/zimbraMail/share/model/ZmSettings.js"] [unique_id "Y3KXhKVK1f3-qPFBk2KVvwAAAAQ"]
[Mon Nov 14 22:03:20.525847 2022] [:error] [pid 3035311] [client 51.77.247.119:59742] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/_profiler/phpinfo"] [unique_id "Y3KtGK3R5b0@iDL6-b8dNAAAAAk"]
[Mon Nov 14 22:12:12.206446 2022] [:error] [pid 3035015] [client 52.187.185.143:43168] [client 52.187.185.143] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3KvLLx9I3w1j99WmK9@hgAAAAY"]
[Mon Nov 14 22:16:06.714021 2022] [:error] [pid 3039170] [client 193.118.53.210:34618] [client 193.118.53.210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Y3KwFqVK1f3-qPFBk2KVwQAAAAQ"]
[Mon Nov 14 22:16:06.714144 2022] [:error] [pid 3039170] [client 193.118.53.210:34618] [client 193.118.53.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Y3KwFqVK1f3-qPFBk2KVwQAAAAQ"]
[Mon Nov 14 22:16:06.714710 2022] [:error] [pid 3039170] [client 193.118.53.210:34618] [client 193.118.53.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Y3KwFqVK1f3-qPFBk2KVwQAAAAQ"]
[Mon Nov 14 22:16:06.714884 2022] [:error] [pid 3039170] [client 193.118.53.210:34618] [client 193.118.53.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Y3KwFqVK1f3-qPFBk2KVwQAAAAQ"]
[Mon Nov 14 23:20:42.908267 2022] [:error] [pid 3038388] [client 192.241.212.15:58834] [client 192.241.212.15] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3K-OpW5q-ZiTRRZRU1pCwAAAAg"]
[Mon Nov 14 23:20:42.908466 2022] [:error] [pid 3038388] [client 192.241.212.15:58834] [client 192.241.212.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3K-OpW5q-ZiTRRZRU1pCwAAAAg"]
[Mon Nov 14 23:20:42.908903 2022] [:error] [pid 3038388] [client 192.241.212.15:58834] [client 192.241.212.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3K-OpW5q-ZiTRRZRU1pCwAAAAg"]
[Mon Nov 14 23:20:42.909090 2022] [:error] [pid 3038388] [client 192.241.212.15:58834] [client 192.241.212.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3K-OpW5q-ZiTRRZRU1pCwAAAAg"]
[Mon Nov 14 23:25:22.031535 2022] [:error] [pid 3035297] [client 172.105.161.142:51822] [client 172.105.161.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LAUttRFCNp-nfj6Yt6FwAAAAU"]
[Mon Nov 14 23:32:59.076358 2022] [:error] [pid 3039117] [client 178.32.197.91:40421] [client 178.32.197.91] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LCG3Dh9ydm2NGfmR7XnQAAAAI"]
[Mon Nov 14 23:44:58.273509 2022] [:error] [pid 3039170] [client 103.133.111.120:50413] [client 103.133.111.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3LE6qVK1f3-qPFBk2KVwwAAAAQ"]
[Mon Nov 14 23:44:58.273708 2022] [:error] [pid 3039170] [client 103.133.111.120:50413] [client 103.133.111.120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3LE6qVK1f3-qPFBk2KVwwAAAAQ"]
[Mon Nov 14 23:44:58.273963 2022] [:error] [pid 3039170] [client 103.133.111.120:50413] [client 103.133.111.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3LE6qVK1f3-qPFBk2KVwwAAAAQ"]
[Mon Nov 14 23:44:58.274184 2022] [:error] [pid 3039170] [client 103.133.111.120:50413] [client 103.133.111.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3LE6qVK1f3-qPFBk2KVwwAAAAQ"]
[Mon Nov 14 23:44:59.540001 2022] [:error] [pid 3038388] [client 103.133.111.120:51403] [client 103.133.111.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LE65W5q-ZiTRRZRU1pDAAAAAg"]
[Mon Nov 14 23:50:34.119673 2022] [:error] [pid 3033983] [client 185.180.143.138:52484] [client 185.180.143.138] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LGOjc@yhbbkRbraNXYhAAAAAM"]
[Mon Nov 14 23:50:45.547685 2022] [:error] [pid 3037850] [client 185.180.143.138:53610] [client 185.180.143.138] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LGRRAULhiL8SlyffGhrwAAAAo"]
[Tue Nov 15 00:40:32.101686 2022] [:error] [pid 3043589] [client 188.165.87.107:52391] [client 188.165.87.107] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3LR8HJ4PGGu9QckEiz03AAAAAM"]
[Tue Nov 15 01:13:17.425209 2022] [:error] [pid 3043589] [client 162.142.125.8:60266] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LZnXJ4PGGu9QckEiz03QAAAAM"]
[Tue Nov 15 01:13:17.820974 2022] [:error] [pid 3043591] [client 162.142.125.8:43744] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3LZnWR9CLu1S7lzS2z4cQAAAAU"]
[Tue Nov 15 02:03:44.865652 2022] [:error] [pid 3043591] [client 159.89.169.44:60130] [client 159.89.169.44] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3LlcGR9CLu1S7lzS2z4dAAAAAU"]
[Tue Nov 15 02:03:44.865775 2022] [:error] [pid 3043591] [client 159.89.169.44:60130] [client 159.89.169.44] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3LlcGR9CLu1S7lzS2z4dAAAAAU"]
[Tue Nov 15 02:03:44.866153 2022] [:error] [pid 3043591] [client 159.89.169.44:60130] [client 159.89.169.44] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3LlcGR9CLu1S7lzS2z4dAAAAAU"]
[Tue Nov 15 02:03:44.866338 2022] [:error] [pid 3043591] [client 159.89.169.44:60130] [client 159.89.169.44] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3LlcGR9CLu1S7lzS2z4dAAAAAU"]
[Tue Nov 15 02:03:51.190900 2022] [:error] [pid 3043589] [client 159.89.169.44:52848] [client 159.89.169.44] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Lld3J4PGGu9QckEiz04AAAAAM"]
[Tue Nov 15 02:03:51.191018 2022] [:error] [pid 3043589] [client 159.89.169.44:52848] [client 159.89.169.44] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Lld3J4PGGu9QckEiz04AAAAAM"]
[Tue Nov 15 02:03:51.191342 2022] [:error] [pid 3043589] [client 159.89.169.44:52848] [client 159.89.169.44] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Lld3J4PGGu9QckEiz04AAAAAM"]
[Tue Nov 15 02:03:51.191552 2022] [:error] [pid 3043589] [client 159.89.169.44:52848] [client 159.89.169.44] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Lld3J4PGGu9QckEiz04AAAAAM"]
[Tue Nov 15 02:12:13.610830 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 02:12:13.611017 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 02:12:13.611067 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 02:12:13.611100 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 02:12:13.611705 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 02:12:13.611889 2022] [:error] [pid 3043589] [client 45.134.144.48:35509] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3LnbXJ4PGGu9QckEiz04QAAAAM"]
[Tue Nov 15 04:23:16.269177 2022] [:error] [pid 3043591] [client 192.241.197.186:33506] [client 192.241.197.186] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3MGJGR9CLu1S7lzS2z4eQAAAAU"]
[Tue Nov 15 04:23:16.269303 2022] [:error] [pid 3043591] [client 192.241.197.186:33506] [client 192.241.197.186] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3MGJGR9CLu1S7lzS2z4eQAAAAU"]
[Tue Nov 15 04:23:16.269989 2022] [:error] [pid 3043591] [client 192.241.197.186:33506] [client 192.241.197.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3MGJGR9CLu1S7lzS2z4eQAAAAU"]
[Tue Nov 15 04:23:16.270186 2022] [:error] [pid 3043591] [client 192.241.197.186:33506] [client 192.241.197.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3MGJGR9CLu1S7lzS2z4eQAAAAU"]
[Tue Nov 15 04:42:35.302040 2022] [:error] [pid 3043588] [client 192.241.200.194:40580] [client 192.241.200.194] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3MKq5zJMuUJaTXoUlLbAwAAAAE"]
[Tue Nov 15 04:42:35.302200 2022] [:error] [pid 3043588] [client 192.241.200.194:40580] [client 192.241.200.194] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3MKq5zJMuUJaTXoUlLbAwAAAAE"]
[Tue Nov 15 04:42:35.304655 2022] [:error] [pid 3043588] [client 192.241.200.194:40580] [client 192.241.200.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3MKq5zJMuUJaTXoUlLbAwAAAAE"]
[Tue Nov 15 04:42:35.304857 2022] [:error] [pid 3043588] [client 192.241.200.194:40580] [client 192.241.200.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3MKq5zJMuUJaTXoUlLbAwAAAAE"]
[Tue Nov 15 05:12:25.661177 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:12:25.661363 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:12:25.662888 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:12:25.662930 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:12:25.663483 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:12:25.663665 2022] [:error] [pid 3043587] [client 185.7.214.218:38626] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3MRqWkJLBNobtdzXvEctwAAAAc"]
[Tue Nov 15 05:33:07.272537 2022] [:error] [pid 3043588] [client 128.14.133.58:34026] [client 128.14.133.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/login"] [unique_id "Y3MWg5zJMuUJaTXoUlLbBQAAAAE"]
[Tue Nov 15 06:22:18.618278 2022] [:error] [pid 3043590] [client 128.1.248.26:48728] [client 128.1.248.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3MiCuR8goidCOZtBLT80wAAAAY"]
[Tue Nov 15 06:47:01.131143 2022] [:error] [pid 3046290] [client 168.119.172.232:59148] [client 168.119.172.232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mn1YGJFIH013ReidyHtAAAAAI"]
[Tue Nov 15 06:47:01.131421 2022] [:error] [pid 3046290] [client 168.119.172.232:59148] [client 168.119.172.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mn1YGJFIH013ReidyHtAAAAAI"]
[Tue Nov 15 06:47:01.131740 2022] [:error] [pid 3046290] [client 168.119.172.232:59148] [client 168.119.172.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mn1YGJFIH013ReidyHtAAAAAI"]
[Tue Nov 15 06:47:01.131939 2022] [:error] [pid 3046290] [client 168.119.172.232:59148] [client 168.119.172.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mn1YGJFIH013ReidyHtAAAAAI"]
[Tue Nov 15 06:47:01.287241 2022] [:error] [pid 3043588] [client 168.119.172.232:59180] [client 168.119.172.232] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Mn1ZzJMuUJaTXoUlLbCAAAAAE"]
[Tue Nov 15 07:21:39.802029 2022] [:error] [pid 3043588] [client 35.216.240.37:57468] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Mv85zJMuUJaTXoUlLbCgAAAAE"]
[Tue Nov 15 07:21:44.238941 2022] [:error] [pid 3043587] [client 35.216.240.37:57482] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3Mv@GkJLBNobtdzXvEcvQAAAAc"]
[Tue Nov 15 07:21:44.239109 2022] [:error] [pid 3043587] [client 35.216.240.37:57482] [client 35.216.240.37] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3Mv@GkJLBNobtdzXvEcvQAAAAc"]
[Tue Nov 15 07:21:44.239313 2022] [:error] [pid 3043587] [client 35.216.240.37:57482] [client 35.216.240.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3Mv@GkJLBNobtdzXvEcvQAAAAc"]
[Tue Nov 15 07:21:44.239468 2022] [:error] [pid 3043587] [client 35.216.240.37:57482] [client 35.216.240.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3Mv@GkJLBNobtdzXvEcvQAAAAc"]
[Tue Nov 15 07:21:44.629684 2022] [:error] [pid 3043589] [client 35.216.240.37:57494] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/info.php"] [unique_id "Y3Mv@HJ4PGGu9QckEiz07AAAAAM"]
[Tue Nov 15 07:21:44.881769 2022] [:error] [pid 3043591] [client 35.216.240.37:57498] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3Mv@GR9CLu1S7lzS2z4fwAAAAU"]
[Tue Nov 15 07:21:44.881939 2022] [:error] [pid 3043591] [client 35.216.240.37:57498] [client 35.216.240.37] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3Mv@GR9CLu1S7lzS2z4fwAAAAU"]
[Tue Nov 15 07:21:44.886176 2022] [:error] [pid 3043591] [client 35.216.240.37:57498] [client 35.216.240.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3Mv@GR9CLu1S7lzS2z4fwAAAAU"]
[Tue Nov 15 07:21:44.886435 2022] [:error] [pid 3043591] [client 35.216.240.37:57498] [client 35.216.240.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3Mv@GR9CLu1S7lzS2z4fwAAAAU"]
[Tue Nov 15 07:21:45.120705 2022] [authz_core:error] [pid 3043590] [client 35.216.240.37:57510] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Nov 15 07:21:45.402030 2022] [:error] [pid 3043608] [client 35.216.240.37:57520] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/config.json"] [unique_id "Y3Mv@R0Nbrrp@UQqD@Z10wAAAAA"]
[Tue Nov 15 07:21:45.775304 2022] [:error] [pid 3046290] [client 35.216.240.37:57526] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mv@YGJFIH013ReidyHtgAAAAI"]
[Tue Nov 15 07:21:45.775471 2022] [:error] [pid 3046290] [client 35.216.240.37:57526] [client 35.216.240.37] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mv@YGJFIH013ReidyHtgAAAAI"]
[Tue Nov 15 07:21:45.775684 2022] [:error] [pid 3046290] [client 35.216.240.37:57526] [client 35.216.240.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mv@YGJFIH013ReidyHtgAAAAI"]
[Tue Nov 15 07:21:45.775850 2022] [:error] [pid 3046290] [client 35.216.240.37:57526] [client 35.216.240.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3Mv@YGJFIH013ReidyHtgAAAAI"]
[Tue Nov 15 07:21:46.024389 2022] [:error] [pid 3043588] [client 35.216.240.37:57538] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/idx_config/"] [unique_id "Y3Mv@pzJMuUJaTXoUlLbCwAAAAE"]
[Tue Nov 15 07:21:46.278572 2022] [:error] [pid 3043587] [client 35.216.240.37:57546] [client 35.216.240.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/telescope/requests"] [unique_id "Y3Mv@mkJLBNobtdzXvEcvgAAAAc"]
[Tue Nov 15 10:11:38.128016 2022] [:error] [pid 3043589] [client 64.62.197.116:55625] [client 64.62.197.116] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3NXynJ4PGGu9QckEiz08QAAAAM"]
[Tue Nov 15 10:20:23.958400 2022] [:error] [pid 3043591] [client 64.62.197.113:56493] [client 64.62.197.113] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3NZ12R9CLu1S7lzS2z4hAAAAAU"]
[Tue Nov 15 10:24:29.616415 2022] [:error] [pid 3049022] [client 64.62.197.114:58317] [client 64.62.197.114] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Nazezufc1Vl-7jZVqVWQAAAAk"]
[Tue Nov 15 10:24:36.061292 2022] [:error] [pid 3043591] [client 198.20.69.98:48744] [client 198.20.69.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Na1GR9CLu1S7lzS2z4kwAAAAU"]
[Tue Nov 15 10:25:22.470309 2022] [:error] [pid 3043608] [client 64.62.197.107:31541] [client 64.62.197.107] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3NbAh0Nbrrp@UQqD@Z14AAAAAA"]
[Tue Nov 15 10:25:22.470483 2022] [:error] [pid 3043608] [client 64.62.197.107:31541] [client 64.62.197.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3NbAh0Nbrrp@UQqD@Z14AAAAAA"]
[Tue Nov 15 10:25:22.473858 2022] [:error] [pid 3043608] [client 64.62.197.107:31541] [client 64.62.197.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3NbAh0Nbrrp@UQqD@Z14AAAAAA"]
[Tue Nov 15 10:25:22.474047 2022] [:error] [pid 3043608] [client 64.62.197.107:31541] [client 64.62.197.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3NbAh0Nbrrp@UQqD@Z14AAAAAA"]
[Tue Nov 15 10:40:33.328901 2022] [:error] [pid 3046290] [client 174.138.188.242:52882] [client 174.138.188.242] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3NekYGJFIH013ReidyHwgAAAAI"]
[Tue Nov 15 13:06:46.738833 2022] [:error] [pid 3049614] [client 154.209.125.119:18396] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3OA1rIdQ80KeDReNx8kEAAAAAo"]
[Tue Nov 15 14:29:33.540999 2022] [:error] [pid 3043587] [client 109.248.6.9:47030] [client 109.248.6.9] ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan-ng/1.3 (https://github.com/bi-zone/masscan-ng)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3OUPWkJLBNobtdzXvEc6QAAAAc"]
[Tue Nov 15 14:29:33.541102 2022] [:error] [pid 3043587] [client 109.248.6.9:47030] [client 109.248.6.9] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3OUPWkJLBNobtdzXvEc6QAAAAc"]
[Tue Nov 15 14:29:33.541443 2022] [:error] [pid 3043587] [client 109.248.6.9:47030] [client 109.248.6.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3OUPWkJLBNobtdzXvEc6QAAAAc"]
[Tue Nov 15 14:29:33.541617 2022] [:error] [pid 3043587] [client 109.248.6.9:47030] [client 109.248.6.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3OUPWkJLBNobtdzXvEc6QAAAAc"]
[Tue Nov 15 14:33:08.786336 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:33:08.786566 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:33:08.786639 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:33:08.786685 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:33:08.787458 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:33:08.787697 2022] [:error] [pid 3049614] [client 147.78.47.129:59962] [client 147.78.47.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OVFLIdQ80KeDReNx8kEQAAAAo"]
[Tue Nov 15 14:50:43.353834 2022] [:error] [pid 3043608] [client 152.89.196.211:32792] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3OZMx0Nbrrp@UQqD@Z1-gAAAAA"]
[Tue Nov 15 16:14:14.147990 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:14:14.148175 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:14:14.148264 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:14:14.148298 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:14:14.149097 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:14:14.149302 2022] [:error] [pid 3052729] [client 185.7.214.218:40646] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3OsxsFi9HlWI17qnk69RgAAACk"]
[Tue Nov 15 16:18:33.351612 2022] [:error] [pid 3052722] [client 128.1.248.26:47514] [client 128.1.248.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3OtyWMFEa9cqtQUGX8W@wAAACI"]
[Tue Nov 15 16:39:55.568449 2022] [:error] [pid 3052722] [client 198.199.95.154:59804] [client 198.199.95.154] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3Oyy2MFEa9cqtQUGX8W-AAAACI"]
[Tue Nov 15 16:39:55.568572 2022] [:error] [pid 3052722] [client 198.199.95.154:59804] [client 198.199.95.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3Oyy2MFEa9cqtQUGX8W-AAAACI"]
[Tue Nov 15 16:39:55.569163 2022] [:error] [pid 3052722] [client 198.199.95.154:59804] [client 198.199.95.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3Oyy2MFEa9cqtQUGX8W-AAAACI"]
[Tue Nov 15 16:39:55.569338 2022] [:error] [pid 3052722] [client 198.199.95.154:59804] [client 198.199.95.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3Oyy2MFEa9cqtQUGX8W-AAAACI"]
[Tue Nov 15 19:10:50.924042 2022] [:error] [pid 3043591] [client 194.180.48.125:39104] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3PWKmR9CLu1S7lzS2z4yAAAAAU"]
[Tue Nov 15 19:14:41.702311 2022] [:error] [pid 3052729] [client 185.180.143.136:59218] [client 185.180.143.136] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3PXEcFi9HlWI17qnk69SgAAACk"]
[Tue Nov 15 19:48:38.936134 2022] [:error] [pid 3043608] [client 34.78.6.216:45228] [client 34.78.6.216] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3PfBh0Nbrrp@UQqD@Z2IwAAAAA"]
[Tue Nov 15 20:34:19.453272 2022] [:error] [pid 3052723] [client 87.236.176.29:55351] [client 87.236.176.29] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Ppu815Xp8w1CqQ4O9icwAAACM"]
[Tue Nov 15 22:20:19.478941 2022] [:error] [pid 3052390] [client 128.1.248.26:42956] [client 128.1.248.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3QCkxitU0e5Ev-kubGutQAAAAs"]
[Tue Nov 15 22:29:01.033743 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 22:29:01.033927 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 22:29:01.033974 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 22:29:01.034009 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 22:29:01.034727 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 22:29:01.034921 2022] [:error] [pid 3043608] [client 185.7.214.218:50754] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3QEnR0Nbrrp@UQqD@Z2JQAAAAA"]
[Tue Nov 15 23:06:15.529707 2022] [:error] [pid 3052390] [client 167.94.138.46:37626] [client 167.94.138.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3QNVxitU0e5Ev-kubGutgAAAAs"]
[Tue Nov 15 23:06:16.010237 2022] [:error] [pid 3052723] [client 167.94.138.46:41808] [client 167.94.138.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3QNWM15Xp8w1CqQ4O9idgAAACM"]
[Wed Nov 16 00:35:03.422970 2022] [:error] [pid 3056941] [client 185.81.157.238:55574] [client 185.81.157.238] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3QiJ3rjVpd9Ypq@Td0YLwAAACM"]
[Wed Nov 16 00:35:03.423205 2022] [:error] [pid 3056941] [client 185.81.157.238:55574] [client 185.81.157.238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3QiJ3rjVpd9Ypq@Td0YLwAAACM"]
[Wed Nov 16 00:35:03.423461 2022] [:error] [pid 3056941] [client 185.81.157.238:55574] [client 185.81.157.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3QiJ3rjVpd9Ypq@Td0YLwAAACM"]
[Wed Nov 16 00:35:03.423645 2022] [:error] [pid 3056941] [client 185.81.157.238:55574] [client 185.81.157.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3QiJ3rjVpd9Ypq@Td0YLwAAACM"]
[Wed Nov 16 00:35:10.187994 2022] [:error] [pid 3056937] [client 185.81.157.238:61766] [client 185.81.157.238] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env.example"] [unique_id "Y3QiLrVrfYiC6Hkc-QnCZQAAAAU"]
[Wed Nov 16 00:35:10.188171 2022] [:error] [pid 3056937] [client 185.81.157.238:61766] [client 185.81.157.238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env.example"] [unique_id "Y3QiLrVrfYiC6Hkc-QnCZQAAAAU"]
[Wed Nov 16 00:35:10.188485 2022] [:error] [pid 3056937] [client 185.81.157.238:61766] [client 185.81.157.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env.example"] [unique_id "Y3QiLrVrfYiC6Hkc-QnCZQAAAAU"]
[Wed Nov 16 00:35:10.188659 2022] [:error] [pid 3056937] [client 185.81.157.238:61766] [client 185.81.157.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env.example"] [unique_id "Y3QiLrVrfYiC6Hkc-QnCZQAAAAU"]
[Wed Nov 16 00:35:18.311313 2022] [:error] [pid 3056939] [client 185.81.157.238:60433] [client 185.81.157.238] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/_profiler/phpinfo"] [unique_id "Y3QiNszMYxkosRyKDIJFqAAAAAs"]
[Wed Nov 16 00:35:24.454325 2022] [:error] [pid 3056964] [client 185.81.157.238:56077] [client 185.81.157.238] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3QiPJu5Ti1lvApl-9zcrAAAAAE"]
[Wed Nov 16 01:35:41.002321 2022] [:error] [pid 3056937] [client 118.26.104.39:60482] [client 118.26.104.39] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3QwXbVrfYiC6Hkc-QnCaAAAAAU"]
[Wed Nov 16 01:37:32.603695 2022] [:error] [pid 3056937] [client 137.184.168.191:49446] [client 137.184.168.191] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/public_login_new/b25seXNjYW5z/3ce00749dd913534"] [unique_id "Y3QwzLVrfYiC6Hkc-QnCaQAAAAU"]
[Wed Nov 16 01:37:32.603814 2022] [:error] [pid 3056937] [client 137.184.168.191:49446] [client 137.184.168.191] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/public_login_new/b25seXNjYW5z/3ce00749dd913534"] [unique_id "Y3QwzLVrfYiC6Hkc-QnCaQAAAAU"]
[Wed Nov 16 01:37:32.604142 2022] [:error] [pid 3056937] [client 137.184.168.191:49446] [client 137.184.168.191] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/api/public_login_new/b25seXNjYW5z/3ce00749dd913534"] [unique_id "Y3QwzLVrfYiC6Hkc-QnCaQAAAAU"]
[Wed Nov 16 01:37:32.604377 2022] [:error] [pid 3056937] [client 137.184.168.191:49446] [client 137.184.168.191] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/api/public_login_new/b25seXNjYW5z/3ce00749dd913534"] [unique_id "Y3QwzLVrfYiC6Hkc-QnCaQAAAAU"]
[Wed Nov 16 04:05:25.530183 2022] [:error] [pid 3056938] [client 109.248.6.87:47107] [client 109.248.6.87] ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan-ng/1.3 (https://github.com/bi-zone/masscan-ng)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "Y3RTdaV7ZkTFXuImD9t2TgAAAAA"]
[Wed Nov 16 04:05:25.530339 2022] [:error] [pid 3056938] [client 109.248.6.87:47107] [client 109.248.6.87] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "Y3RTdaV7ZkTFXuImD9t2TgAAAAA"]
[Wed Nov 16 04:05:25.530805 2022] [:error] [pid 3056938] [client 109.248.6.87:47107] [client 109.248.6.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "Y3RTdaV7ZkTFXuImD9t2TgAAAAA"]
[Wed Nov 16 04:05:25.531025 2022] [:error] [pid 3056938] [client 109.248.6.87:47107] [client 109.248.6.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "Y3RTdaV7ZkTFXuImD9t2TgAAAAA"]
[Wed Nov 16 04:25:38.962338 2022] [:error] [pid 3056937] [client 192.241.197.72:56850] [client 192.241.197.72] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3RYMrVrfYiC6Hkc-QnCbQAAAAU"]
[Wed Nov 16 04:25:38.962483 2022] [:error] [pid 3056937] [client 192.241.197.72:56850] [client 192.241.197.72] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3RYMrVrfYiC6Hkc-QnCbQAAAAU"]
[Wed Nov 16 04:25:38.963250 2022] [:error] [pid 3056937] [client 192.241.197.72:56850] [client 192.241.197.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3RYMrVrfYiC6Hkc-QnCbQAAAAU"]
[Wed Nov 16 04:25:38.963465 2022] [:error] [pid 3056937] [client 192.241.197.72:56850] [client 192.241.197.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3RYMrVrfYiC6Hkc-QnCbQAAAAU"]
[Wed Nov 16 04:39:20.746178 2022] [:error] [pid 3056940] [client 164.92.143.142:47798] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RbaCKj7bHh-nQKllFcLwAAACI"]
[Wed Nov 16 04:39:21.097533 2022] [authz_core:error] [pid 3056940] [client 164.92.143.142:48464] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Wed Nov 16 04:39:21.098786 2022] [:error] [pid 3056937] [client 164.92.143.142:48466] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3RbabVrfYiC6Hkc-QnCbwAAAAU"]
[Wed Nov 16 04:39:21.099047 2022] [:error] [pid 3056937] [client 164.92.143.142:48466] [client 164.92.143.142] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3RbabVrfYiC6Hkc-QnCbwAAAAU"]
[Wed Nov 16 04:39:21.099295 2022] [:error] [pid 3056937] [client 164.92.143.142:48466] [client 164.92.143.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3RbabVrfYiC6Hkc-QnCbwAAAAU"]
[Wed Nov 16 04:39:21.099417 2022] [:error] [pid 3056964] [client 164.92.143.142:48456] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RbaZu5Ti1lvApl-9zcswAAAAE"]
[Wed Nov 16 04:39:21.099437 2022] [:error] [pid 3056937] [client 164.92.143.142:48466] [client 164.92.143.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.DS_Store"] [unique_id "Y3RbabVrfYiC6Hkc-QnCbwAAAAU"]
[Wed Nov 16 04:39:21.100637 2022] [:error] [pid 3056938] [client 164.92.143.142:48458] [client 164.92.143.142] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3RbaaV7ZkTFXuImD9t2UAAAAAA"]
[Wed Nov 16 04:39:21.100791 2022] [:error] [pid 3056938] [client 164.92.143.142:48458] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3RbaaV7ZkTFXuImD9t2UAAAAAA"]
[Wed Nov 16 04:39:21.101190 2022] [:error] [pid 3056938] [client 164.92.143.142:48458] [client 164.92.143.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3RbaaV7ZkTFXuImD9t2UAAAAAA"]
[Wed Nov 16 04:39:21.101327 2022] [:error] [pid 3056938] [client 164.92.143.142:48458] [client 164.92.143.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3RbaaV7ZkTFXuImD9t2UAAAAAA"]
[Wed Nov 16 04:39:21.102132 2022] [:error] [pid 3056941] [client 164.92.143.142:48462] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3RbaXrjVpd9Ypq@Td0YOAAAACM"]
[Wed Nov 16 04:39:21.102463 2022] [:error] [pid 3056939] [client 164.92.143.142:48460] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/debug/default/view"] [unique_id "Y3RbaczMYxkosRyKDIJFrwAAAAs"]
[Wed Nov 16 04:39:21.125313 2022] [:error] [pid 3056937] [client 164.92.143.142:48478] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/info.php"] [unique_id "Y3RbabVrfYiC6Hkc-QnCcAAAAAU"]
[Wed Nov 16 04:39:21.127653 2022] [:error] [pid 3056938] [client 164.92.143.142:48474] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/s/632313e2335313e2638313e27333/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties"] [unique_id "Y3RbaaV7ZkTFXuImD9t2UQAAAAA"]
[Wed Nov 16 04:39:21.262074 2022] [:error] [pid 3056964] [client 164.92.143.142:48476] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/telescope/requests"] [unique_id "Y3RbaZu5Ti1lvApl-9zctAAAAAE"]
[Wed Nov 16 04:39:21.269265 2022] [:error] [pid 3056939] [client 164.92.143.142:48472] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RbaczMYxkosRyKDIJFsAAAAAs"]
[Wed Nov 16 04:39:21.366329 2022] [:error] [pid 3056939] [client 164.92.143.142:48470] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3RbaczMYxkosRyKDIJFsQAAAAs"]
[Wed Nov 16 04:39:21.366511 2022] [:error] [pid 3056939] [client 164.92.143.142:48470] [client 164.92.143.142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3RbaczMYxkosRyKDIJFsQAAAAs"]
[Wed Nov 16 04:39:21.366718 2022] [:error] [pid 3056939] [client 164.92.143.142:48470] [client 164.92.143.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3RbaczMYxkosRyKDIJFsQAAAAs"]
[Wed Nov 16 04:39:21.366875 2022] [:error] [pid 3056939] [client 164.92.143.142:48470] [client 164.92.143.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3RbaczMYxkosRyKDIJFsQAAAAs"]
[Wed Nov 16 04:39:21.526312 2022] [:error] [pid 3059381] [client 164.92.143.142:48468] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RbaQTlG1GqR1AnhDmfXQAAAAI"]
[Wed Nov 16 04:39:21.526555 2022] [:error] [pid 3059381] [client 164.92.143.142:48468] [client 164.92.143.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RbaQTlG1GqR1AnhDmfXQAAAAI"]
[Wed Nov 16 04:39:21.526883 2022] [:error] [pid 3059381] [client 164.92.143.142:48468] [client 164.92.143.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RbaQTlG1GqR1AnhDmfXQAAAAI"]
[Wed Nov 16 04:39:21.527085 2022] [:error] [pid 3059381] [client 164.92.143.142:48468] [client 164.92.143.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RbaQTlG1GqR1AnhDmfXQAAAAI"]
[Wed Nov 16 04:39:22.565845 2022] [:error] [pid 3059382] [client 164.92.143.142:48794] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/config.json"] [unique_id "Y3RbagSMrgzGvRfFdemJIQAAAAM"]
[Wed Nov 16 04:39:23.126979 2022] [:error] [pid 3056940] [client 164.92.143.142:48800] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/v2/_catalog"] [unique_id "Y3RbayKj7bHh-nQKllFcMQAAACI"]
[Wed Nov 16 04:39:23.208041 2022] [:error] [pid 3056940] [client 164.92.143.142:48798] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/search"] [unique_id "Y3RbayKj7bHh-nQKllFcMgAAACI"]
[Wed Nov 16 04:39:23.255835 2022] [:error] [pid 3056941] [client 164.92.143.142:48796] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/about"] [unique_id "Y3Rba3rjVpd9Ypq@Td0YOQAAACM"]
[Wed Nov 16 04:39:23.274355 2022] [:error] [pid 3056938] [client 164.92.143.142:48802] [client 164.92.143.142] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/login.action"] [unique_id "Y3Rba6V7ZkTFXuImD9t2UgAAAAA"]
[Wed Nov 16 04:43:58.334830 2022] [:error] [pid 3056937] [client 192.241.213.5:46398] [client 192.241.213.5] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RcfrVrfYiC6Hkc-QnCcQAAAAU"]
[Wed Nov 16 04:43:58.339345 2022] [:error] [pid 3056937] [client 192.241.213.5:46398] [client 192.241.213.5] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RcfrVrfYiC6Hkc-QnCcQAAAAU"]
[Wed Nov 16 04:43:58.339737 2022] [:error] [pid 3056937] [client 192.241.213.5:46398] [client 192.241.213.5] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RcfrVrfYiC6Hkc-QnCcQAAAAU"]
[Wed Nov 16 04:43:58.339964 2022] [:error] [pid 3056937] [client 192.241.213.5:46398] [client 192.241.213.5] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RcfrVrfYiC6Hkc-QnCcQAAAAU"]
[Wed Nov 16 05:16:22.581788 2022] [:error] [pid 3056941] [client 128.14.133.58:42068] [client 128.14.133.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3RkFnrjVpd9Ypq@Td0YOgAAACM"]
[Wed Nov 16 05:23:59.692605 2022] [:error] [pid 3056940] [client 154.89.5.218:37052] [client 154.89.5.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Rl3yKj7bHh-nQKllFcNAAAACI"]
[Wed Nov 16 06:02:37.499975 2022] [:error] [pid 3056940] [client 192.241.195.240:59866] [client 192.241.195.240] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y3Ru7SKj7bHh-nQKllFcNQAAACI"]
[Wed Nov 16 06:02:37.500136 2022] [:error] [pid 3056940] [client 192.241.195.240:59866] [client 192.241.195.240] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y3Ru7SKj7bHh-nQKllFcNQAAACI"]
[Wed Nov 16 06:02:37.500583 2022] [:error] [pid 3056940] [client 192.241.195.240:59866] [client 192.241.195.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y3Ru7SKj7bHh-nQKllFcNQAAACI"]
[Wed Nov 16 06:02:37.500824 2022] [:error] [pid 3056940] [client 192.241.195.240:59866] [client 192.241.195.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y3Ru7SKj7bHh-nQKllFcNQAAACI"]
[Wed Nov 16 06:06:11.933807 2022] [:error] [pid 3059383] [client 192.241.206.69:36572] [client 192.241.206.69] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y3RvwyAGtUWF5Ke72EG8YgAAAAQ"]
[Wed Nov 16 06:06:11.933913 2022] [:error] [pid 3059383] [client 192.241.206.69:36572] [client 192.241.206.69] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y3RvwyAGtUWF5Ke72EG8YgAAAAQ"]
[Wed Nov 16 06:06:11.934226 2022] [:error] [pid 3059383] [client 192.241.206.69:36572] [client 192.241.206.69] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y3RvwyAGtUWF5Ke72EG8YgAAAAQ"]
[Wed Nov 16 06:06:11.934392 2022] [:error] [pid 3059383] [client 192.241.206.69:36572] [client 192.241.206.69] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y3RvwyAGtUWF5Ke72EG8YgAAAAQ"]
[Wed Nov 16 06:20:56.187286 2022] [:error] [pid 3056938] [client 109.237.97.180:42244] [client 109.237.97.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RzOKV7ZkTFXuImD9t2VQAAAAA"]
[Wed Nov 16 06:20:56.187503 2022] [:error] [pid 3056938] [client 109.237.97.180:42244] [client 109.237.97.180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RzOKV7ZkTFXuImD9t2VQAAAAA"]
[Wed Nov 16 06:20:56.187779 2022] [:error] [pid 3056938] [client 109.237.97.180:42244] [client 109.237.97.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RzOKV7ZkTFXuImD9t2VQAAAAA"]
[Wed Nov 16 06:20:56.187932 2022] [:error] [pid 3056938] [client 109.237.97.180:42244] [client 109.237.97.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3RzOKV7ZkTFXuImD9t2VQAAAAA"]
[Wed Nov 16 06:55:54.020752 2022] [:error] [pid 3059381] [client 192.241.212.122:42130] [client 192.241.212.122] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3R7agTlG1GqR1AnhDmfYAAAAAI"]
[Wed Nov 16 06:55:54.020917 2022] [:error] [pid 3059381] [client 192.241.212.122:42130] [client 192.241.212.122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3R7agTlG1GqR1AnhDmfYAAAAAI"]
[Wed Nov 16 06:55:54.021492 2022] [:error] [pid 3059381] [client 192.241.212.122:42130] [client 192.241.212.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3R7agTlG1GqR1AnhDmfYAAAAAI"]
[Wed Nov 16 06:55:54.021683 2022] [:error] [pid 3059381] [client 192.241.212.122:42130] [client 192.241.212.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3R7agTlG1GqR1AnhDmfYAAAAAI"]
[Wed Nov 16 06:56:26.122765 2022] [:error] [pid 3059382] [client 192.241.212.53:51302] [client 192.241.212.53] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3R7igSMrgzGvRfFdemJJAAAAAM"]
[Wed Nov 16 06:56:26.122876 2022] [:error] [pid 3059382] [client 192.241.212.53:51302] [client 192.241.212.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3R7igSMrgzGvRfFdemJJAAAAAM"]
[Wed Nov 16 06:56:26.123280 2022] [:error] [pid 3059382] [client 192.241.212.53:51302] [client 192.241.212.53] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3R7igSMrgzGvRfFdemJJAAAAAM"]
[Wed Nov 16 06:56:26.123450 2022] [:error] [pid 3059382] [client 192.241.212.53:51302] [client 192.241.212.53] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3R7igSMrgzGvRfFdemJJAAAAAM"]
[Wed Nov 16 06:57:26.101311 2022] [:error] [pid 3056941] [client 192.241.212.71:45694] [client 192.241.212.71] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3R7xnrjVpd9Ypq@Td0YPQAAACM"]
[Wed Nov 16 06:57:26.101501 2022] [:error] [pid 3056941] [client 192.241.212.71:45694] [client 192.241.212.71] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3R7xnrjVpd9Ypq@Td0YPQAAACM"]
[Wed Nov 16 06:57:26.103148 2022] [:error] [pid 3056941] [client 192.241.212.71:45694] [client 192.241.212.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3R7xnrjVpd9Ypq@Td0YPQAAACM"]
[Wed Nov 16 06:57:26.103402 2022] [:error] [pid 3056941] [client 192.241.212.71:45694] [client 192.241.212.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3R7xnrjVpd9Ypq@Td0YPQAAACM"]
[Wed Nov 16 08:25:46.152839 2022] [:error] [pid 3059383] [client 109.237.98.226:53378] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3SQeiAGtUWF5Ke72EG8ZQAAAAQ"]
[Wed Nov 16 08:25:46.153072 2022] [:error] [pid 3059383] [client 109.237.98.226:53378] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3SQeiAGtUWF5Ke72EG8ZQAAAAQ"]
[Wed Nov 16 08:25:46.153362 2022] [:error] [pid 3059383] [client 109.237.98.226:53378] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3SQeiAGtUWF5Ke72EG8ZQAAAAQ"]
[Wed Nov 16 08:25:46.153559 2022] [:error] [pid 3059383] [client 109.237.98.226:53378] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3SQeiAGtUWF5Ke72EG8ZQAAAAQ"]
[Wed Nov 16 08:30:07.886951 2022] [:error] [pid 3059381] [client 161.35.70.227:44270] [client 161.35.70.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3SRfwTlG1GqR1AnhDmfYgAAAAI"]
[Wed Nov 16 09:23:34.436723 2022] [:error] [pid 3056940] [client 152.89.196.211:51862] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3SeBiKj7bHh-nQKllFcOgAAACI"]
[Wed Nov 16 09:32:42.187548 2022] [:error] [pid 3059381] [client 74.82.47.12:35887] [client 74.82.47.12] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3SgKgTlG1GqR1AnhDmfZAAAAAI"]
[Wed Nov 16 09:42:29.256337 2022] [:error] [pid 3056964] [client 74.82.47.40:40079] [client 74.82.47.40] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3SidZu5Ti1lvApl-9zcvAAAAAE"]
[Wed Nov 16 09:47:05.925789 2022] [:error] [pid 3056941] [client 74.82.47.20:15417] [client 74.82.47.20] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3SjiXrjVpd9Ypq@Td0YQAAAACM"]
[Wed Nov 16 10:26:39.389415 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 10:26:39.391524 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 10:26:39.391576 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 10:26:39.391611 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 10:26:39.392168 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 10:26:39.392374 2022] [:error] [pid 3059381] [client 185.7.214.218:47048] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3SszwTlG1GqR1AnhDmfZQAAAAI"]
[Wed Nov 16 11:50:56.863653 2022] [:error] [pid 3059381] [client 43.128.227.146:56444] [client 43.128.227.146] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3TAkATlG1GqR1AnhDmfZwAAAAI"]
[Wed Nov 16 12:12:46.382876 2022] [:error] [pid 3063132] [client 194.180.48.125:37074] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3TFrs3Il@SUkKT3nm0tEQAAAAY"]
[Wed Nov 16 12:45:53.395339 2022] [:error] [pid 3056938] [client 152.89.196.211:35002] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3TNcaV7ZkTFXuImD9t2YAAAAAA"]
[Wed Nov 16 13:10:20.709731 2022] [:error] [pid 3056939] [client 172.104.193.53:46528] [client 172.104.193.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3TTLMzMYxkosRyKDIJFvAAAAAs"]
[Wed Nov 16 13:51:48.797877 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 13:51:48.798125 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 13:51:48.798197 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 13:51:48.798249 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 13:51:48.799035 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 13:51:48.799283 2022] [:error] [pid 3056941] [client 45.134.144.48:50278] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3Tc5HrjVpd9Ypq@Td0YRwAAACM"]
[Wed Nov 16 15:00:04.241284 2022] [:error] [pid 3064827] [client 200.123.248.53:51154] [client 200.123.248.53] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Ts5FO83@qk7GahsDm-WwAAAAg"]
[Wed Nov 16 15:00:15.585644 2022] [:error] [pid 3064782] [client 194.180.48.125:50512] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3Ts75xMteM6atk@eiFZ5gAAAAI"]
[Wed Nov 16 15:04:49.908570 2022] [:error] [pid 3059382] [client 154.209.125.119:16293] [client 154.209.125.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3TuAQSMrgzGvRfFdemJmwAAAAM"]
[Wed Nov 16 15:55:53.974479 2022] [:error] [pid 3064141] [client 200.114.240.149:56200] [client 200.114.240.149] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3T5@cs62Xc3wODMm1esNgAAAAc"]
[Wed Nov 16 17:51:31.129703 2022] [:error] [pid 3068383] [client 103.133.111.120:52040] [client 103.133.111.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3UVE1dzB8GYEBKzeMgTwAAAAAA"]
[Wed Nov 16 17:51:31.129970 2022] [:error] [pid 3068383] [client 103.133.111.120:52040] [client 103.133.111.120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3UVE1dzB8GYEBKzeMgTwAAAAAA"]
[Wed Nov 16 17:51:31.130334 2022] [:error] [pid 3068383] [client 103.133.111.120:52040] [client 103.133.111.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3UVE1dzB8GYEBKzeMgTwAAAAAA"]
[Wed Nov 16 17:51:31.130552 2022] [:error] [pid 3068383] [client 103.133.111.120:52040] [client 103.133.111.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3UVE1dzB8GYEBKzeMgTwAAAAAA"]
[Wed Nov 16 17:51:32.273808 2022] [:error] [pid 3066832] [client 103.133.111.120:52829] [client 103.133.111.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3UVFAP5cID5RWuBgvahsgAAAA0"]
[Wed Nov 16 17:57:31.260288 2022] [:error] [pid 3064782] [client 106.75.15.144:35470] [client 106.75.15.144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3UWe5xMteM6atk@eiFaRAAAAAI"]
[Wed Nov 16 18:45:37.208985 2022] [:error] [pid 3068383] [client 193.118.53.210:58362] [client 193.118.53.210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3UhwVdzB8GYEBKzeMgTwQAAAAA"]
[Wed Nov 16 19:36:57.792916 2022] [:error] [pid 3064141] [client 35.195.93.98:55342] [client 35.195.93.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Utycs62Xc3wODMm1esbAAAAAc"]
[Wed Nov 16 19:38:53.106155 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 19:38:53.106341 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 19:38:53.106389 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 19:38:53.106419 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 19:38:53.107102 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 19:38:53.107279 2022] [:error] [pid 3068383] [client 185.7.214.218:53468] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3UuPVdzB8GYEBKzeMgTwgAAAAA"]
[Wed Nov 16 20:08:43.709740 2022] [:error] [pid 3066832] [client 147.182.246.90:60854] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/system_api.php"] [unique_id "Y3U1OwP5cID5RWuBgvahtQAAAA0"]
[Wed Nov 16 20:08:46.554079 2022] [:error] [pid 3068142] [client 147.182.246.90:60892] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/c/version.js"] [unique_id "Y3U1Pn9FP1SW8PzmwYq3XgAAAAU"]
[Wed Nov 16 20:08:49.256436 2022] [:error] [pid 3066832] [client 147.182.246.90:60922] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/streaming/clients_live.php"] [unique_id "Y3U1QQP5cID5RWuBgvahtgAAAA0"]
[Wed Nov 16 20:08:51.622838 2022] [:error] [pid 3067503] [client 147.182.246.90:60964] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/stalker_portal/c/version.js"] [unique_id "Y3U1Q-DPbGhz0AyC-1jBNAAAAAY"]
[Wed Nov 16 20:08:54.029309 2022] [:error] [pid 3066822] [client 147.182.246.90:35002] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/stream/live.php"] [unique_id "Y3U1Rp7x8d0b9bXYqxY0BAAAAAE"]
[Wed Nov 16 20:08:56.366849 2022] [:error] [pid 3066834] [client 147.182.246.90:35034] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/flu/403.html"] [unique_id "Y3U1SKGN8oVzFm5feQ6TDQAAAA8"]
[Wed Nov 16 20:08:58.750958 2022] [:error] [pid 3068383] [client 147.182.246.90:35076] [client 147.182.246.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3U1SldzB8GYEBKzeMgTxQAAAAA"]
[Wed Nov 16 22:09:38.572784 2022] [:error] [pid 3068383] [client 128.14.133.58:47148] [client 128.14.133.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/"] [unique_id "Y3VRkldzB8GYEBKzeMgTxwAAAAA"]
[Wed Nov 16 22:28:47.925200 2022] [:error] [pid 3068142] [client 167.94.145.57:47036] [client 167.94.145.57] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3VWD39FP1SW8PzmwYq3YgAAAAU"]
[Wed Nov 16 22:28:49.145317 2022] [:error] [pid 3067496] [client 167.94.145.57:55314] [client 167.94.145.57] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3VWEZL5ePKtVxmWWKoVDwAAAAQ"]
[Wed Nov 16 23:09:02.864612 2022] [:error] [pid 3066834] [client 5.161.155.60:50926] [client 5.161.155.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/webclient/"] [unique_id "Y3VffqGN8oVzFm5feQ6TEgAAAA8"]
[Thu Nov 17 00:33:10.142182 2022] [:error] [pid 3072318] [client 128.14.134.170:56386] [client 128.14.134.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3VzNpxim6efSLxzW8j@NwAAAA0"]
[Thu Nov 17 00:49:07.296868 2022] [:error] [pid 3072315] [client 104.248.23.110:37892] [client 104.248.23.110] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3V28-yahISBIhGcfn35EQAAAAI"]
[Thu Nov 17 00:49:25.554857 2022] [:error] [pid 3072316] [client 192.241.211.197:57202] [client 192.241.211.197] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3V3Bex1IRYDox38mP0aZQAAAAo"]
[Thu Nov 17 00:49:25.554975 2022] [:error] [pid 3072316] [client 192.241.211.197:57202] [client 192.241.211.197] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3V3Bex1IRYDox38mP0aZQAAAAo"]
[Thu Nov 17 00:49:25.555677 2022] [:error] [pid 3072316] [client 192.241.211.197:57202] [client 192.241.211.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3V3Bex1IRYDox38mP0aZQAAAAo"]
[Thu Nov 17 00:49:25.555863 2022] [:error] [pid 3072316] [client 192.241.211.197:57202] [client 192.241.211.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3V3Bex1IRYDox38mP0aZQAAAAo"]
[Thu Nov 17 01:14:53.784717 2022] [:error] [pid 3072317] [client 138.246.253.24:47860] [client 138.246.253.24] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3V8-USoEDowZrYYN6Eg6gAAAAE"]
[Thu Nov 17 01:50:46.649357 2022] [:error] [pid 3072348] [client 109.206.243.220:48590] [client 109.206.243.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3WFZrNHN-RXYx8vVezmywAAAAA"]
[Thu Nov 17 02:32:27.642387 2022] [:error] [pid 3072315] [client 194.55.186.126:49486] [client 194.55.186.126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3WPK-yahISBIhGcfn35FAAAAAI"]
[Thu Nov 17 03:53:55.977536 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 03:53:55.977726 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 03:53:55.977771 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 03:53:55.977817 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 03:53:55.978411 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 03:53:55.978658 2022] [:error] [pid 3072315] [client 45.134.144.48:53892] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3WiQ-yahISBIhGcfn35FgAAAAI"]
[Thu Nov 17 04:08:25.551571 2022] [:error] [pid 3072316] [client 106.75.81.218:53702] [client 106.75.81.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Wlqex1IRYDox38mP0aagAAAAo"]
[Thu Nov 17 04:28:53.891071 2022] [:error] [pid 3074322] [client 192.241.200.178:47276] [client 192.241.200.178] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3WqdSohNfIxTtjBbNk3rgAAAAQ"]
[Thu Nov 17 04:28:53.891192 2022] [:error] [pid 3074322] [client 192.241.200.178:47276] [client 192.241.200.178] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3WqdSohNfIxTtjBbNk3rgAAAAQ"]
[Thu Nov 17 04:28:53.891831 2022] [:error] [pid 3074322] [client 192.241.200.178:47276] [client 192.241.200.178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3WqdSohNfIxTtjBbNk3rgAAAAQ"]
[Thu Nov 17 04:28:53.892022 2022] [:error] [pid 3074322] [client 192.241.200.178:47276] [client 192.241.200.178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3WqdSohNfIxTtjBbNk3rgAAAAQ"]
[Thu Nov 17 04:43:53.219226 2022] [:error] [pid 3072314] [client 192.241.192.25:57900] [client 192.241.192.25] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Wt@TaMBcj8QfNNFwMPeQAAAAc"]
[Thu Nov 17 04:43:53.219354 2022] [:error] [pid 3072314] [client 192.241.192.25:57900] [client 192.241.192.25] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Wt@TaMBcj8QfNNFwMPeQAAAAc"]
[Thu Nov 17 04:43:53.219698 2022] [:error] [pid 3072314] [client 192.241.192.25:57900] [client 192.241.192.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Wt@TaMBcj8QfNNFwMPeQAAAAc"]
[Thu Nov 17 04:43:53.219883 2022] [:error] [pid 3072314] [client 192.241.192.25:57900] [client 192.241.192.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Wt@TaMBcj8QfNNFwMPeQAAAAc"]
[Thu Nov 17 05:12:32.040872 2022] [:error] [pid 3072316] [client 94.102.61.8:52968] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3W0sOx1IRYDox38mP0abgAAAAo"]
[Thu Nov 17 05:52:51.645288 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 05:52:51.645593 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 05:52:51.645649 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 05:52:51.645698 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 05:52:51.646397 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 05:52:51.646624 2022] [:error] [pid 3072317] [client 185.7.214.218:38594] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3W@I0SoEDowZrYYN6Eg8gAAAAE"]
[Thu Nov 17 06:06:15.024893 2022] [:error] [pid 3074322] [client 139.59.20.153:52700] [client 139.59.20.153] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3XBRyohNfIxTtjBbNk3sQAAAAQ"]
[Thu Nov 17 06:06:15.025052 2022] [:error] [pid 3074322] [client 139.59.20.153:52700] [client 139.59.20.153] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3XBRyohNfIxTtjBbNk3sQAAAAQ"]
[Thu Nov 17 06:06:15.025401 2022] [:error] [pid 3074322] [client 139.59.20.153:52700] [client 139.59.20.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3XBRyohNfIxTtjBbNk3sQAAAAQ"]
[Thu Nov 17 06:06:15.025567 2022] [:error] [pid 3074322] [client 139.59.20.153:52700] [client 139.59.20.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3XBRyohNfIxTtjBbNk3sQAAAAQ"]
[Thu Nov 17 06:06:15.626010 2022] [:error] [pid 3072348] [client 139.59.20.153:52712] [client 139.59.20.153] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3XBR7NHN-RXYx8vVezm1AAAAAA"]
[Thu Nov 17 06:06:15.626141 2022] [:error] [pid 3072348] [client 139.59.20.153:52712] [client 139.59.20.153] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3XBR7NHN-RXYx8vVezm1AAAAAA"]
[Thu Nov 17 06:06:15.626516 2022] [:error] [pid 3072348] [client 139.59.20.153:52712] [client 139.59.20.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3XBR7NHN-RXYx8vVezm1AAAAAA"]
[Thu Nov 17 06:06:15.626709 2022] [:error] [pid 3072348] [client 139.59.20.153:52712] [client 139.59.20.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3XBR7NHN-RXYx8vVezm1AAAAAA"]
[Thu Nov 17 06:06:19.154673 2022] [:error] [pid 3072314] [client 139.59.20.153:49728] [client 139.59.20.153] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XBSzaMBcj8QfNNFwMPfAAAAAc"]
[Thu Nov 17 06:06:19.154776 2022] [:error] [pid 3072314] [client 139.59.20.153:49728] [client 139.59.20.153] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XBSzaMBcj8QfNNFwMPfAAAAAc"]
[Thu Nov 17 06:06:19.155109 2022] [:error] [pid 3072314] [client 139.59.20.153:49728] [client 139.59.20.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XBSzaMBcj8QfNNFwMPfAAAAAc"]
[Thu Nov 17 06:06:19.155304 2022] [:error] [pid 3072314] [client 139.59.20.153:49728] [client 139.59.20.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XBSzaMBcj8QfNNFwMPfAAAAAc"]
[Thu Nov 17 06:26:44.907318 2022] [:error] [pid 3072318] [client 192.241.197.121:35306] [client 192.241.197.121] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XGFJxim6efSLxzW8j@QQAAAA0"]
[Thu Nov 17 06:26:44.907448 2022] [:error] [pid 3072318] [client 192.241.197.121:35306] [client 192.241.197.121] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XGFJxim6efSLxzW8j@QQAAAA0"]
[Thu Nov 17 06:26:44.908109 2022] [:error] [pid 3072318] [client 192.241.197.121:35306] [client 192.241.197.121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XGFJxim6efSLxzW8j@QQAAAA0"]
[Thu Nov 17 06:26:44.908349 2022] [:error] [pid 3072318] [client 192.241.197.121:35306] [client 192.241.197.121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XGFJxim6efSLxzW8j@QQAAAA0"]
[Thu Nov 17 06:32:32.228268 2022] [:error] [pid 3072317] [client 193.118.53.210:34004] [client 193.118.53.210] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XHcESoEDowZrYYN6Eg8wAAAAE"]
[Thu Nov 17 06:42:16.237999 2022] [:error] [pid 3072579] [client 51.15.205.3:55684] [client 51.15.205.3] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XJuPZtWwcTaq6pTy5UswAAAAM"]
[Thu Nov 17 06:54:34.903947 2022] [:error] [pid 3074322] [client 51.15.195.246:48216] [client 51.15.195.246] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3XMmiohNfIxTtjBbNk3swAAAAQ"]
[Thu Nov 17 07:29:06.001378 2022] [:error] [pid 3072314] [client 192.241.204.111:49904] [client 192.241.204.111] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XUsTaMBcj8QfNNFwMPfgAAAAc"]
[Thu Nov 17 07:29:06.001510 2022] [:error] [pid 3072314] [client 192.241.204.111:49904] [client 192.241.204.111] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XUsTaMBcj8QfNNFwMPfgAAAAc"]
[Thu Nov 17 07:29:06.002298 2022] [:error] [pid 3072314] [client 192.241.204.111:49904] [client 192.241.204.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XUsTaMBcj8QfNNFwMPfgAAAAc"]
[Thu Nov 17 07:29:06.002511 2022] [:error] [pid 3072314] [client 192.241.204.111:49904] [client 192.241.204.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3XUsTaMBcj8QfNNFwMPfgAAAAc"]
[Thu Nov 17 07:57:12.771824 2022] [:error] [pid 3072317] [client 45.134.144.88:32802] [client 45.134.144.88] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/level/15/exec/-/sh/run/CR"] [unique_id "Y3XbSESoEDowZrYYN6Eg9QAAAAE"]
[Thu Nov 17 08:15:08.832019 2022] [authz_core:error] [pid 3072318] [client 152.89.196.211:37420] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Nov 17 08:39:57.345593 2022] [authz_core:error] [pid 3072579] [client 152.89.196.211:52988] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Thu Nov 17 08:51:10.141905 2022] [:error] [pid 3072348] [client 162.142.125.8:34356] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Xn7rNHN-RXYx8vVezm5wAAAAA"]
[Thu Nov 17 08:51:10.546012 2022] [:error] [pid 3072317] [client 162.142.125.8:46092] [client 162.142.125.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Xn7kSoEDowZrYYN6EhBwAAAAE"]
[Thu Nov 17 09:32:47.723202 2022] [:error] [pid 3072315] [client 65.49.20.100:12755] [client 65.49.20.100] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Xxr-yahISBIhGcfn35gwAAAAI"]
[Thu Nov 17 09:41:44.545549 2022] [:error] [pid 3072348] [client 152.89.196.211:41824] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/index.php"] [unique_id "Y3XzyLNHN-RXYx8vVezm6QAAAAA"]
[Thu Nov 17 09:41:44.546022 2022] [:error] [pid 3072348] [client 152.89.196.211:41824] [client 152.89.196.211] ModSecurity: Warning. Matched phrase "call_user_func" at ARGS:function. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "296"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: call_user_func found within ARGS:function: call_user_func_array"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "37.186.153.126"] [uri "/index.php"] [unique_id "Y3XzyLNHN-RXYx8vVezm6QAAAAA"]
[Thu Nov 17 09:41:44.546910 2022] [:error] [pid 3072348] [client 152.89.196.211:41824] [client 152.89.196.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/index.php"] [unique_id "Y3XzyLNHN-RXYx8vVezm6QAAAAA"]
[Thu Nov 17 09:41:44.547071 2022] [:error] [pid 3072348] [client 152.89.196.211:41824] [client 152.89.196.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/index.php"] [unique_id "Y3XzyLNHN-RXYx8vVezm6QAAAAA"]
[Thu Nov 17 09:42:15.981173 2022] [:error] [pid 3072317] [client 65.49.20.112:31657] [client 65.49.20.112] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3Xz50SoEDowZrYYN6EhCQAAAAE"]
[Thu Nov 17 09:47:00.591888 2022] [:error] [pid 3072318] [client 65.49.20.72:17765] [client 65.49.20.72] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3X1BJxim6efSLxzW8j@lAAAAA0"]
[Thu Nov 17 09:48:28.856229 2022] [:error] [pid 3089153] [client 65.49.20.84:27509] [client 65.49.20.84] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3X1XHYWMljkdz2xljAyQwAAAAg"]
[Thu Nov 17 09:48:28.856419 2022] [:error] [pid 3089153] [client 65.49.20.84:27509] [client 65.49.20.84] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3X1XHYWMljkdz2xljAyQwAAAAg"]
[Thu Nov 17 09:48:28.856660 2022] [:error] [pid 3089153] [client 65.49.20.84:27509] [client 65.49.20.84] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3X1XHYWMljkdz2xljAyQwAAAAg"]
[Thu Nov 17 09:48:28.856822 2022] [:error] [pid 3089153] [client 65.49.20.84:27509] [client 65.49.20.84] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3X1XHYWMljkdz2xljAyQwAAAAg"]
[Thu Nov 17 09:55:12.722575 2022] [:error] [pid 3074322] [client 192.241.205.39:36534] [client 192.241.205.39] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3X28CohNfIxTtjBbNk35AAAAAQ"]
[Thu Nov 17 09:55:12.722695 2022] [:error] [pid 3074322] [client 192.241.205.39:36534] [client 192.241.205.39] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3X28CohNfIxTtjBbNk35AAAAAQ"]
[Thu Nov 17 09:55:12.723043 2022] [:error] [pid 3074322] [client 192.241.205.39:36534] [client 192.241.205.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3X28CohNfIxTtjBbNk35AAAAAQ"]
[Thu Nov 17 09:55:12.723253 2022] [:error] [pid 3074322] [client 192.241.205.39:36534] [client 192.241.205.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3X28CohNfIxTtjBbNk35AAAAAQ"]
[Thu Nov 17 10:02:51.345438 2022] [:error] [pid 3072348] [client 183.136.225.32:24209] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3X4u7NHN-RXYx8vVezm6gAAAAA"]
[Thu Nov 17 10:10:56.586145 2022] [:error] [pid 3089151] [client 183.136.225.32:27814] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3X6oCj7IqBlQYQLaAD4-AAAAAU"]
[Thu Nov 17 10:11:18.590021 2022] [:error] [pid 3072318] [client 183.136.225.32:23664] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3X6tpxim6efSLxzW8j@lQAAAA0"]
[Thu Nov 17 10:11:42.187417 2022] [:error] [pid 3072315] [client 183.136.225.32:12484] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3X6zvyahISBIhGcfn35hQAAAAI"]
[Thu Nov 17 10:36:35.152489 2022] [:error] [pid 3072348] [client 179.43.177.154:40682] [client 179.43.177.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3YAo7NHN-RXYx8vVezm6wAAAAA"]
[Thu Nov 17 10:36:35.152690 2022] [:error] [pid 3072348] [client 179.43.177.154:40682] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3YAo7NHN-RXYx8vVezm6wAAAAA"]
[Thu Nov 17 10:36:35.152946 2022] [:error] [pid 3072348] [client 179.43.177.154:40682] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3YAo7NHN-RXYx8vVezm6wAAAAA"]
[Thu Nov 17 10:36:35.153096 2022] [:error] [pid 3072348] [client 179.43.177.154:40682] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3YAo7NHN-RXYx8vVezm6wAAAAA"]
[Thu Nov 17 11:08:57.979898 2022] [:error] [pid 3072579] [client 194.180.48.125:52492] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3YIOfZtWwcTaq6pTy5UxQAAAAM"]
[Thu Nov 17 11:11:37.279638 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 11:11:37.279863 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 11:11:37.279939 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 11:11:37.279994 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 11:11:37.280876 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 11:11:37.281223 2022] [:error] [pid 3072314] [client 185.7.214.218:41658] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3YI2TaMBcj8QfNNFwMPkwAAAAc"]
[Thu Nov 17 12:11:01.162508 2022] [:error] [pid 3072579] [client 152.89.196.211:56874] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3YWxfZtWwcTaq6pTy5UxgAAAAM"]
[Thu Nov 17 12:38:27.402998 2022] [:error] [pid 3089151] [client 183.136.225.32:47820] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3YdMyj7IqBlQYQLaAD5FwAAAAU"]
[Thu Nov 17 12:46:43.440541 2022] [:error] [pid 3089153] [client 183.136.225.32:33870] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3YfI3YWMljkdz2xljAyRwAAAAg"]
[Thu Nov 17 12:47:06.988387 2022] [:error] [pid 3072579] [client 183.136.225.32:7844] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3YfOvZtWwcTaq6pTy5UxwAAAAM"]
[Thu Nov 17 12:47:39.853953 2022] [:error] [pid 3072314] [client 183.136.225.32:50465] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3YfWzaMBcj8QfNNFwMPlQAAAAc"]
[Thu Nov 17 12:51:11.682667 2022] [:error] [pid 3074322] [client 109.206.243.162:49702] [client 109.206.243.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3YgLyohNfIxTtjBbNk36AAAAAQ"]
[Thu Nov 17 14:38:58.750368 2022] [:error] [pid 3089151] [client 23.251.102.74:51592] [client 23.251.102.74] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Y5cij7IqBlQYQLaAD5GQAAAAU"]
[Thu Nov 17 16:30:20.966209 2022] [:error] [pid 3072318] [client 194.180.48.125:50162] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3ZTjJxim6efSLxzW8j@nQAAAA0"]
[Thu Nov 17 16:44:11.738842 2022] [:error] [pid 3089151] [client 186.22.171.182:54501] [client 186.22.171.182] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3ZWyyj7IqBlQYQLaAD5HwAAAAU"]
[Thu Nov 17 18:58:37.327297 2022] [:error] [pid 3074322] [client 31.42.176.68:40772] [client 31.42.176.68] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/api/v2/cmdb/system/admin"] [unique_id "Y3Z2TSohNfIxTtjBbNk37QAAAAQ"]
[Thu Nov 17 19:32:04.603214 2022] [:error] [pid 3089151] [client 34.76.158.233:58352] [client 34.76.158.233] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3Z@JCj7IqBlQYQLaAD5IgAAAAU"]
[Thu Nov 17 20:16:30.710838 2022] [:error] [pid 3072579] [client 128.1.248.42:51740] [client 128.1.248.42] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3aIjvZtWwcTaq6pTy5UzwAAAAM"]
[Thu Nov 17 21:54:22.859390 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 21:54:22.859554 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 21:54:22.859622 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 21:54:22.859659 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 21:54:22.860172 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 21:54:22.860366 2022] [:error] [pid 3089153] [client 185.7.214.218:44134] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3affnYWMljkdz2xljAyUgAAAAg"]
[Thu Nov 17 22:11:42.537088 2022] [:error] [pid 3072315] [client 23.251.102.74:52352] [client 23.251.102.74] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3ajjvyahISBIhGcfn35kQAAAAI"]
[Thu Nov 17 23:10:33.038588 2022] [:error] [pid 3072318] [client 75.119.138.227:63099] [client 75.119.138.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/webclient/"] [unique_id "Y3axWZxim6efSLxzW8j@owAAAA0"]
[Thu Nov 17 23:38:55.666672 2022] [:error] [pid 3072579] [client 192.241.208.27:35512] [client 192.241.208.27] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3a3--ZtWwcTaq6pTy5U0gAAAAM"]
[Thu Nov 17 23:38:55.666840 2022] [:error] [pid 3072579] [client 192.241.208.27:35512] [client 192.241.208.27] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3a3--ZtWwcTaq6pTy5U0gAAAAM"]
[Thu Nov 17 23:38:55.667315 2022] [:error] [pid 3072579] [client 192.241.208.27:35512] [client 192.241.208.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3a3--ZtWwcTaq6pTy5U0gAAAAM"]
[Thu Nov 17 23:38:55.667529 2022] [:error] [pid 3072579] [client 192.241.208.27:35512] [client 192.241.208.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3a3--ZtWwcTaq6pTy5U0gAAAAM"]
[Thu Nov 17 23:42:08.353233 2022] [:error] [pid 3072317] [client 179.43.177.154:45976] [client 179.43.177.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3a4wESoEDowZrYYN6EhfgAAAAE"]
[Thu Nov 17 23:42:08.353451 2022] [:error] [pid 3072317] [client 179.43.177.154:45976] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3a4wESoEDowZrYYN6EhfgAAAAE"]
[Thu Nov 17 23:42:08.353726 2022] [:error] [pid 3072317] [client 179.43.177.154:45976] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3a4wESoEDowZrYYN6EhfgAAAAE"]
[Thu Nov 17 23:42:08.353906 2022] [:error] [pid 3072317] [client 179.43.177.154:45976] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3a4wESoEDowZrYYN6EhfgAAAAE"]
[Fri Nov 18 00:20:37.582267 2022] [:error] [pid 3098217] [client 109.206.243.162:39868] [client 109.206.243.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3bBxfrjDSmFct9BsGsn-AAAAAE"]
[Fri Nov 18 00:50:51.242964 2022] [:error] [pid 3098217] [client 198.235.24.131:61510] [client 198.235.24.131] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3bI2-rjDSmFct9BsGsn-QAAAAE"]
[Fri Nov 18 01:33:51.462818 2022] [:error] [pid 3098248] [client 213.32.122.82:7689] [client 213.32.122.82] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3bS76Bsr449xxTZxbdS6QAAAAA"]
[Fri Nov 18 03:31:55.536710 2022] [:error] [pid 3098217] [client 194.55.186.126:46796] [client 194.55.186.126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3bum-rjDSmFct9BsGsoAQAAAAE"]
[Fri Nov 18 03:54:53.142446 2022] [:error] [pid 3098217] [client 152.89.196.211:32830] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/_ignition/execute-solution"] [unique_id "Y3bz-frjDSmFct9BsGsoAgAAAAE"]
[Fri Nov 18 03:58:44.612112 2022] [:error] [pid 3098216] [client 107.150.105.215:19234] [client 107.150.105.215] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b05AgHsqt-UAeIy1KogQAAAAo"]
[Fri Nov 18 04:36:03.503444 2022] [:error] [pid 3098215] [client 117.187.173.5:59322] [client 117.187.173.5] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b9o78ZJvxnPIVBKJRirwAAAAI"]
[Fri Nov 18 04:43:58.957942 2022] [:error] [pid 3098218] [client 192.241.209.152:43446] [client 192.241.209.152] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b-flqeyVz22T3ICFHWzAAAAA0"]
[Fri Nov 18 04:43:58.958070 2022] [:error] [pid 3098218] [client 192.241.209.152:43446] [client 192.241.209.152] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b-flqeyVz22T3ICFHWzAAAAA0"]
[Fri Nov 18 04:43:58.958460 2022] [:error] [pid 3098218] [client 192.241.209.152:43446] [client 192.241.209.152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b-flqeyVz22T3ICFHWzAAAAA0"]
[Fri Nov 18 04:43:58.958647 2022] [:error] [pid 3098218] [client 192.241.209.152:43446] [client 192.241.209.152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3b-flqeyVz22T3ICFHWzAAAAA0"]
[Fri Nov 18 05:02:48.435114 2022] [:error] [pid 3098216] [client 128.14.133.58:46298] [client 128.14.133.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3cD6AgHsqt-UAeIy1KohwAAAAo"]
[Fri Nov 18 06:26:32.617983 2022] [:error] [pid 3098218] [client 167.248.133.62:53668] [client 167.248.133.62] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3cXiFqeyVz22T3ICFHWzwAAAA0"]
[Fri Nov 18 06:26:33.034911 2022] [:error] [pid 3098217] [client 167.248.133.62:59134] [client 167.248.133.62] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3cXifrjDSmFct9BsGsoCQAAAAE"]
[Fri Nov 18 06:27:30.118603 2022] [:error] [pid 3098218] [client 128.14.209.162:41384] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3cXwlqeyVz22T3ICFHW0AAAAA0"]
[Fri Nov 18 06:27:38.204892 2022] [:error] [pid 3098248] [client 128.14.209.162:59066] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/showLogin.cc"] [unique_id "Y3cXyqBsr449xxTZxbdS8wAAAAA"]
[Fri Nov 18 07:15:04.321730 2022] [:error] [pid 3100436] [client 194.180.48.125:37872] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3ci6A@HS0UmgfUk1drmpwAAAAM"]
[Fri Nov 18 07:30:23.727363 2022] [:error] [pid 3098214] [client 192.241.206.65:55224] [client 192.241.206.65] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3cmf6xFA3CnOYWlppclmwAAAAc"]
[Fri Nov 18 07:30:23.727584 2022] [:error] [pid 3098214] [client 192.241.206.65:55224] [client 192.241.206.65] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3cmf6xFA3CnOYWlppclmwAAAAc"]
[Fri Nov 18 07:30:23.728531 2022] [:error] [pid 3098214] [client 192.241.206.65:55224] [client 192.241.206.65] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3cmf6xFA3CnOYWlppclmwAAAAc"]
[Fri Nov 18 07:30:23.728789 2022] [:error] [pid 3098214] [client 192.241.206.65:55224] [client 192.241.206.65] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3cmf6xFA3CnOYWlppclmwAAAAc"]
[Fri Nov 18 08:22:42.285840 2022] [:error] [pid 3098218] [client 5.182.210.92:53142] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3cywlqeyVz22T3ICFHW1gAAAA0"]
[Fri Nov 18 08:31:50.269390 2022] [:error] [pid 3098214] [client 5.182.210.92:48622] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3c05qxFA3CnOYWlppclnQAAAAc"]
[Fri Nov 18 08:31:52.827851 2022] [:error] [pid 3100436] [client 5.182.210.92:44372] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3c06A@HS0UmgfUk1drmqQAAAAM"]
[Fri Nov 18 08:31:55.181017 2022] [:error] [pid 3098218] [client 5.182.210.92:44386] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/WuEL"] [unique_id "Y3c061qeyVz22T3ICFHW1wAAAA0"]
[Fri Nov 18 08:32:01.047344 2022] [:error] [pid 3098217] [client 5.182.210.92:44398] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/a"] [unique_id "Y3c08frjDSmFct9BsGsoEAAAAAE"]
[Fri Nov 18 08:41:54.063144 2022] [:error] [pid 3098214] [client 5.182.210.92:39412] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/download/file.ext"] [unique_id "Y3c3QqxFA3CnOYWlppclngAAAAc"]
[Fri Nov 18 08:41:56.133055 2022] [:error] [pid 3098215] [client 5.182.210.92:39438] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/SiteLoader"] [unique_id "Y3c3RL8ZJvxnPIVBKJRivAAAAAI"]
[Fri Nov 18 08:51:56.324235 2022] [:error] [pid 3098248] [client 5.182.210.92:45822] [client 5.182.210.92] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/mPlayer"] [unique_id "Y3c5nKBsr449xxTZxbdS@gAAAAA"]
[Fri Nov 18 09:49:05.889308 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 09:49:05.889458 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 09:49:05.889501 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 09:49:05.889548 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 09:49:05.890108 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 09:49:05.890283 2022] [:error] [pid 3098215] [client 185.7.214.218:51770] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3dHAb8ZJvxnPIVBKJRivgAAAAI"]
[Fri Nov 18 10:35:36.401955 2022] [:error] [pid 3098217] [client 192.241.201.172:53760] [client 192.241.201.172] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3dR6PrjDSmFct9BsGsoFAAAAAE"]
[Fri Nov 18 10:35:36.402087 2022] [:error] [pid 3098217] [client 192.241.201.172:53760] [client 192.241.201.172] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3dR6PrjDSmFct9BsGsoFAAAAAE"]
[Fri Nov 18 10:35:36.402713 2022] [:error] [pid 3098217] [client 192.241.201.172:53760] [client 192.241.201.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3dR6PrjDSmFct9BsGsoFAAAAAE"]
[Fri Nov 18 10:35:36.402936 2022] [:error] [pid 3098217] [client 192.241.201.172:53760] [client 192.241.201.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3dR6PrjDSmFct9BsGsoFAAAAAE"]
[Fri Nov 18 10:48:58.871553 2022] [:error] [pid 3098216] [client 176.58.112.101:53968] [client 176.58.112.101] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3dVCggHsqt-UAeIy1KolAAAAAo"]
[Fri Nov 18 13:18:12.060661 2022] [:error] [pid 3105771] [client 74.82.47.35:21355] [client 74.82.47.35] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3d4BAdJgcozuMjOtYFmpAAAAAA"]
[Fri Nov 18 13:32:21.513478 2022] [:error] [pid 3104987] [client 74.82.47.19:55137] [client 74.82.47.19] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3d7VT386OuBw8KnXaKbpgAAAAY"]
[Fri Nov 18 13:41:16.870489 2022] [:error] [pid 3104978] [client 74.82.47.55:34783] [client 74.82.47.55] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3d9bARCNY1XNduZ5fO1tgAAAAU"]
[Fri Nov 18 13:42:31.320971 2022] [:error] [pid 3098217] [client 74.82.47.47:23603] [client 74.82.47.47] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3d9t-rjDSmFct9BsGsoXAAAAAE"]
[Fri Nov 18 13:42:31.321146 2022] [:error] [pid 3098217] [client 74.82.47.47:23603] [client 74.82.47.47] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3d9t-rjDSmFct9BsGsoXAAAAAE"]
[Fri Nov 18 13:42:31.321388 2022] [:error] [pid 3098217] [client 74.82.47.47:23603] [client 74.82.47.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3d9t-rjDSmFct9BsGsoXAAAAAE"]
[Fri Nov 18 13:42:31.321561 2022] [:error] [pid 3098217] [client 74.82.47.47:23603] [client 74.82.47.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3d9t-rjDSmFct9BsGsoXAAAAAE"]
[Fri Nov 18 13:52:49.153602 2022] [:error] [pid 3098216] [client 134.209.36.127:57726] [client 134.209.36.127] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3eAIQgHsqt-UAeIy1KpAgAAAAo"]
[Fri Nov 18 14:09:31.645798 2022] [:error] [pid 3098217] [client 109.237.98.226:59398] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3eEC-rjDSmFct9BsGsoXQAAAAE"]
[Fri Nov 18 14:09:31.645992 2022] [:error] [pid 3098217] [client 109.237.98.226:59398] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3eEC-rjDSmFct9BsGsoXQAAAAE"]
[Fri Nov 18 14:09:31.646241 2022] [:error] [pid 3098217] [client 109.237.98.226:59398] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3eEC-rjDSmFct9BsGsoXQAAAAE"]
[Fri Nov 18 14:09:31.646400 2022] [:error] [pid 3098217] [client 109.237.98.226:59398] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3eEC-rjDSmFct9BsGsoXQAAAAE"]
[Fri Nov 18 15:57:53.020110 2022] [authz_core:error] [pid 3104987] [client 152.89.196.211:40306] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[Fri Nov 18 16:05:33.082247 2022] [:error] [pid 3098218] [client 192.241.193.104:45814] [client 192.241.193.104] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3efPVqeyVz22T3ICFHXQQAAAA0"]
[Fri Nov 18 16:05:33.082369 2022] [:error] [pid 3098218] [client 192.241.193.104:45814] [client 192.241.193.104] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3efPVqeyVz22T3ICFHXQQAAAA0"]
[Fri Nov 18 16:05:33.082871 2022] [:error] [pid 3098218] [client 192.241.193.104:45814] [client 192.241.193.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3efPVqeyVz22T3ICFHXQQAAAA0"]
[Fri Nov 18 16:05:33.083072 2022] [:error] [pid 3098218] [client 192.241.193.104:45814] [client 192.241.193.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3efPVqeyVz22T3ICFHXQQAAAA0"]
[Fri Nov 18 16:44:18.887528 2022] [:error] [pid 3098216] [client 94.102.61.8:58626] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3eoUggHsqt-UAeIy1KpBQAAAAo"]
[Fri Nov 18 17:16:09.689412 2022] [:error] [pid 3098215] [client 152.89.196.211:58706] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3evyb8ZJvxnPIVBKJRjAAAAAAI"]
[Fri Nov 18 17:52:37.475509 2022] [:error] [pid 3098216] [client 152.89.196.211:47508] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/mifs/.;/services/LogService"] [unique_id "Y3e4VQgHsqt-UAeIy1KpBgAAAAo"], referer: https://37.186.153.126:443
[Fri Nov 18 17:52:37.475597 2022] [:error] [pid 3098216] [client 152.89.196.211:47508] [client 152.89.196.211] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "914"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "x-application/hessian"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/CONTENT_TYPE_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "37.186.153.126"] [uri "/mifs/.;/services/LogService"] [unique_id "Y3e4VQgHsqt-UAeIy1KpBgAAAAo"], referer: https://37.186.153.126:443
[Fri Nov 18 17:52:37.476021 2022] [:error] [pid 3098216] [client 152.89.196.211:47508] [client 152.89.196.211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/mifs/.;/services/LogService"] [unique_id "Y3e4VQgHsqt-UAeIy1KpBgAAAAo"], referer: https://37.186.153.126:443
[Fri Nov 18 17:52:37.476232 2022] [:error] [pid 3098216] [client 152.89.196.211:47508] [client 152.89.196.211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/mifs/.;/services/LogService"] [unique_id "Y3e4VQgHsqt-UAeIy1KpBgAAAAo"], referer: https://37.186.153.126:443
[Fri Nov 18 18:17:24.911278 2022] [:error] [pid 3104978] [client 128.1.248.42:56480] [client 128.1.248.42] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3e@JARCNY1XNduZ5fO1uwAAAAU"]
[Fri Nov 18 18:35:16.812508 2022] [:error] [pid 3104980] [client 154.89.5.117:49150] [client 154.89.5.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3fCVC2GlBhYtKTnzSLr-QAAAAg"]
[Fri Nov 18 18:56:28.821633 2022] [:error] [pid 3105349] [client 179.43.177.154:47860] [client 179.43.177.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3fHTKBq95FLNPTpa4xe1QAAAAc"]
[Fri Nov 18 18:56:28.821877 2022] [:error] [pid 3105349] [client 179.43.177.154:47860] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3fHTKBq95FLNPTpa4xe1QAAAAc"]
[Fri Nov 18 18:56:28.822129 2022] [:error] [pid 3105349] [client 179.43.177.154:47860] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3fHTKBq95FLNPTpa4xe1QAAAAc"]
[Fri Nov 18 18:56:28.822280 2022] [:error] [pid 3105349] [client 179.43.177.154:47860] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3fHTKBq95FLNPTpa4xe1QAAAAc"]
[Fri Nov 18 19:21:44.624536 2022] [:error] [pid 3105771] [client 34.76.96.55:34526] [client 34.76.96.55] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3fNOAdJgcozuMjOtYFmqwAAAAA"]
[Fri Nov 18 20:29:19.927869 2022] [:error] [pid 3100436] [client 194.180.48.125:57448] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3fdDw@HS0UmgfUk1drm2wAAAAM"]
[Fri Nov 18 20:32:16.675497 2022] [:error] [pid 3104987] [client 117.78.22.201:38890] [client 117.78.22.201] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3fdwD386OuBw8KnXaKbrgAAAAY"]
[Fri Nov 18 20:33:52.693629 2022] [:error] [pid 3105349] [client 192.241.202.90:53602] [client 192.241.202.90] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3feIKBq95FLNPTpa4xe1wAAAAc"]
[Fri Nov 18 20:33:52.693790 2022] [:error] [pid 3105349] [client 192.241.202.90:53602] [client 192.241.202.90] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3feIKBq95FLNPTpa4xe1wAAAAc"]
[Fri Nov 18 20:33:52.694257 2022] [:error] [pid 3105349] [client 192.241.202.90:53602] [client 192.241.202.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3feIKBq95FLNPTpa4xe1wAAAAc"]
[Fri Nov 18 20:33:52.694463 2022] [:error] [pid 3105349] [client 192.241.202.90:53602] [client 192.241.202.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3feIKBq95FLNPTpa4xe1wAAAAc"]
[Fri Nov 18 20:33:56.778460 2022] [:error] [pid 3098218] [client 192.241.212.122:49292] [client 192.241.212.122] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3feJFqeyVz22T3ICFHXRgAAAA0"]
[Fri Nov 18 20:33:56.778557 2022] [:error] [pid 3098218] [client 192.241.212.122:49292] [client 192.241.212.122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3feJFqeyVz22T3ICFHXRgAAAA0"]
[Fri Nov 18 20:33:56.778903 2022] [:error] [pid 3098218] [client 192.241.212.122:49292] [client 192.241.212.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3feJFqeyVz22T3ICFHXRgAAAA0"]
[Fri Nov 18 20:33:56.779086 2022] [:error] [pid 3098218] [client 192.241.212.122:49292] [client 192.241.212.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3feJFqeyVz22T3ICFHXRgAAAA0"]
[Fri Nov 18 20:35:07.276569 2022] [:error] [pid 3098215] [client 192.241.203.37:34446] [client 192.241.203.37] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3fea78ZJvxnPIVBKJRjAwAAAAI"]
[Fri Nov 18 20:35:07.276706 2022] [:error] [pid 3098215] [client 192.241.203.37:34446] [client 192.241.203.37] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3fea78ZJvxnPIVBKJRjAwAAAAI"]
[Fri Nov 18 20:35:07.277730 2022] [:error] [pid 3098215] [client 192.241.203.37:34446] [client 192.241.203.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3fea78ZJvxnPIVBKJRjAwAAAAI"]
[Fri Nov 18 20:35:07.277909 2022] [:error] [pid 3098215] [client 192.241.203.37:34446] [client 192.241.203.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3fea78ZJvxnPIVBKJRjAwAAAAI"]
[Fri Nov 18 20:42:34.844777 2022] [:error] [pid 3104987] [client 117.78.22.201:36534] [client 117.78.22.201] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3fgKj386OuBw8KnXaKbrwAAAAY"]
[Fri Nov 18 20:44:55.844558 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 20:44:55.844750 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 20:44:55.844802 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 20:44:55.844839 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 20:44:55.845428 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 20:44:55.845607 2022] [:error] [pid 3098217] [client 185.7.214.218:55122] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3fgt-rjDSmFct9BsGsoZAAAAAE"]
[Fri Nov 18 21:07:02.995504 2022] [:error] [pid 3098216] [client 185.82.238.216:58220] [client 185.82.238.216] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3fl5ggHsqt-UAeIy1KpCwAAAAo"]
[Fri Nov 18 21:36:21.567124 2022] [:error] [pid 3100436] [client 46.197.217.95:42278] [client 46.197.217.95] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3fsxQ@HS0UmgfUk1drm3gAAAAM"]
[Fri Nov 18 22:16:45.362114 2022] [:error] [pid 3098215] [client 152.89.196.211:60692] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3f2Pb8ZJvxnPIVBKJRjBgAAAAI"]
[Fri Nov 18 22:58:10.089125 2022] [:error] [pid 3104978] [client 152.89.196.211:57576] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3f-8gRCNY1XNduZ5fO1wgAAAAU"]
[Fri Nov 18 23:16:57.557088 2022] [:error] [pid 3104978] [client 167.94.138.120:47450] [client 167.94.138.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3gEWQRCNY1XNduZ5fO1wwAAAAU"]
[Sat Nov 19 00:38:43.579776 2022] [:error] [pid 3112303] [client 103.149.192.68:33863] [client 103.149.192.68] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3gXg7E3BrkG7y2a2f0ZSAAAAAM"]
[Sat Nov 19 01:31:46.466963 2022] [:error] [pid 3112299] [client 128.14.141.34:53208] [client 128.14.141.34] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3gj8nUEuzPnYMUDCX7AmgAAAAI"]
[Sat Nov 19 02:19:54.735548 2022] [core:error] [pid 3112303] [client 152.89.196.211:54318] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
[Sat Nov 19 02:32:54.743037 2022] [:error] [pid 3112300] [client 179.43.177.154:43946] [client 179.43.177.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3gyRpg6XJ3cEi5JtnpwTgAAAAo"]
[Sat Nov 19 02:32:54.743270 2022] [:error] [pid 3112300] [client 179.43.177.154:43946] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3gyRpg6XJ3cEi5JtnpwTgAAAAo"]
[Sat Nov 19 02:32:54.743556 2022] [:error] [pid 3112300] [client 179.43.177.154:43946] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3gyRpg6XJ3cEi5JtnpwTgAAAAo"]
[Sat Nov 19 02:32:54.743730 2022] [:error] [pid 3112300] [client 179.43.177.154:43946] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3gyRpg6XJ3cEi5JtnpwTgAAAAo"]
[Sat Nov 19 03:57:08.400807 2022] [:error] [pid 3112303] [client 184.105.139.85:15545] [client 184.105.139.85] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hGBLE3BrkG7y2a2f0ZTQAAAAM"]
[Sat Nov 19 04:08:41.406584 2022] [:error] [pid 3112303] [client 184.105.139.73:27897] [client 184.105.139.73] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3hIubE3BrkG7y2a2f0ZTgAAAAM"]
[Sat Nov 19 04:14:31.231324 2022] [:error] [pid 3112300] [client 184.105.139.69:43761] [client 184.105.139.69] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hKF5g6XJ3cEi5JtnpwUAAAAAo"]
[Sat Nov 19 04:16:11.622066 2022] [:error] [pid 3112301] [client 184.105.139.121:23437] [client 184.105.139.121] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3hKe1Bx4nB3uIJtqc1j4wAAAAE"]
[Sat Nov 19 04:16:11.622246 2022] [:error] [pid 3112301] [client 184.105.139.121:23437] [client 184.105.139.121] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3hKe1Bx4nB3uIJtqc1j4wAAAAE"]
[Sat Nov 19 04:16:11.622521 2022] [:error] [pid 3112301] [client 184.105.139.121:23437] [client 184.105.139.121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3hKe1Bx4nB3uIJtqc1j4wAAAAE"]
[Sat Nov 19 04:16:11.622699 2022] [:error] [pid 3112301] [client 184.105.139.121:23437] [client 184.105.139.121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3hKe1Bx4nB3uIJtqc1j4wAAAAE"]
[Sat Nov 19 04:44:39.022099 2022] [:error] [pid 3112299] [client 192.241.202.229:60948] [client 192.241.202.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hRJ3UEuzPnYMUDCX7AnQAAAAI"]
[Sat Nov 19 04:44:39.022283 2022] [:error] [pid 3112299] [client 192.241.202.229:60948] [client 192.241.202.229] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hRJ3UEuzPnYMUDCX7AnQAAAAI"]
[Sat Nov 19 04:44:39.022782 2022] [:error] [pid 3112299] [client 192.241.202.229:60948] [client 192.241.202.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hRJ3UEuzPnYMUDCX7AnQAAAAI"]
[Sat Nov 19 04:44:39.023031 2022] [:error] [pid 3112299] [client 192.241.202.229:60948] [client 192.241.202.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3hRJ3UEuzPnYMUDCX7AnQAAAAI"]
[Sat Nov 19 05:13:54.238495 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 05:13:54.238677 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 05:13:54.238757 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 05:13:54.238790 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 05:13:54.239386 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 05:13:54.239591 2022] [:error] [pid 3112303] [client 185.7.214.218:48034] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3hYArE3BrkG7y2a2f0ZUAAAAAM"]
[Sat Nov 19 07:30:06.809954 2022] [:error] [pid 3112301] [client 192.241.198.117:36750] [client 192.241.198.117] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3h37lBx4nB3uIJtqc1j6AAAAAE"]
[Sat Nov 19 07:30:06.810121 2022] [:error] [pid 3112301] [client 192.241.198.117:36750] [client 192.241.198.117] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3h37lBx4nB3uIJtqc1j6AAAAAE"]
[Sat Nov 19 07:30:06.813424 2022] [:error] [pid 3112301] [client 192.241.198.117:36750] [client 192.241.198.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3h37lBx4nB3uIJtqc1j6AAAAAE"]
[Sat Nov 19 07:30:06.813612 2022] [:error] [pid 3112301] [client 192.241.198.117:36750] [client 192.241.198.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3h37lBx4nB3uIJtqc1j6AAAAAE"]
[Sat Nov 19 07:46:21.135498 2022] [:error] [pid 3112303] [client 87.236.176.76:53567] [client 87.236.176.76] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3h7vbE3BrkG7y2a2f0ZVQAAAAM"]
[Sat Nov 19 07:56:52.967878 2022] [:error] [pid 3112343] [client 162.221.192.26:50592] [client 162.221.192.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3h@ND5fHzZh3as-CZUVvAAAAAA"]
[Sat Nov 19 08:42:48.643368 2022] [:error] [pid 3112301] [client 183.136.225.32:41729] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3iI@FBx4nB3uIJtqc1j6QAAAAE"]
[Sat Nov 19 09:36:10.980529 2022] [:error] [pid 3112299] [client 213.32.122.82:31645] [client 213.32.122.82] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3iVenUEuzPnYMUDCX7ApgAAAAI"]
[Sat Nov 19 11:10:55.974535 2022] [:error] [pid 3112343] [client 152.89.196.211:55112] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3irrz5fHzZh3as-CZUVwgAAAAA"]
[Sat Nov 19 11:36:32.813854 2022] [:error] [pid 3112302] [client 192.241.210.240:33284] [client 192.241.210.240] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ixsLnF5KYWJbsTgGfo6gAAAA0"]
[Sat Nov 19 11:36:32.813975 2022] [:error] [pid 3112302] [client 192.241.210.240:33284] [client 192.241.210.240] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ixsLnF5KYWJbsTgGfo6gAAAA0"]
[Sat Nov 19 11:36:32.814652 2022] [:error] [pid 3112302] [client 192.241.210.240:33284] [client 192.241.210.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ixsLnF5KYWJbsTgGfo6gAAAA0"]
[Sat Nov 19 11:36:32.814828 2022] [:error] [pid 3112302] [client 192.241.210.240:33284] [client 192.241.210.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ixsLnF5KYWJbsTgGfo6gAAAA0"]
[Sat Nov 19 11:46:23.417277 2022] [:error] [pid 3112621] [client 152.89.196.211:49034] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/console/"] [unique_id "Y3iz-8g1IhlsnZu6dBwUMAAAAAQ"]
[Sat Nov 19 12:04:54.091216 2022] [:error] [pid 3112301] [client 152.89.196.211:54080] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/Autodiscover/Autodiscover.xml"] [unique_id "Y3i4VlBx4nB3uIJtqc1j7gAAAAE"]
[Sat Nov 19 13:00:00.635289 2022] [:error] [pid 3120847] [client 2.58.56.246:46726] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQP0EfjxZZ6VzdWwpUwAAAAo"]
[Sat Nov 19 13:00:00.635652 2022] [:error] [pid 3120847] [client 2.58.56.246:46726] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQP0EfjxZZ6VzdWwpUwAAAAo"]
[Sat Nov 19 13:00:00.635855 2022] [:error] [pid 3120847] [client 2.58.56.246:46726] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQP0EfjxZZ6VzdWwpUwAAAAo"]
[Sat Nov 19 13:00:00.706637 2022] [:error] [pid 3120850] [client 2.58.56.246:46868] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQBoBOmSvhrd1FQUJUwAAAAA"]
[Sat Nov 19 13:00:00.706982 2022] [:error] [pid 3120850] [client 2.58.56.246:46868] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQBoBOmSvhrd1FQUJUwAAAAA"]
[Sat Nov 19 13:00:00.707184 2022] [:error] [pid 3120850] [client 2.58.56.246:46868] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFQBoBOmSvhrd1FQUJUwAAAAA"]
[Sat Nov 19 13:00:25.230023 2022] [:error] [pid 3120848] [client 2.58.56.246:35368] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFWWbeq-ETvhldXew0fQAAAAE"]
[Sat Nov 19 13:00:25.230330 2022] [:error] [pid 3120848] [client 2.58.56.246:35368] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFWWbeq-ETvhldXew0fQAAAAE"]
[Sat Nov 19 13:00:25.230523 2022] [:error] [pid 3120848] [client 2.58.56.246:35368] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFWWbeq-ETvhldXew0fQAAAAE"]
[Sat Nov 19 13:00:29.504287 2022] [:error] [pid 3120849] [client 2.58.56.246:38234] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFXZ8RxJXC8pKV1p@HGgAAAAM"]
[Sat Nov 19 13:00:29.504594 2022] [:error] [pid 3120849] [client 2.58.56.246:38234] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFXZ8RxJXC8pKV1p@HGgAAAAM"]
[Sat Nov 19 13:00:29.504771 2022] [:error] [pid 3120849] [client 2.58.56.246:38234] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFXZ8RxJXC8pKV1p@HGgAAAAM"]
[Sat Nov 19 13:00:52.524457 2022] [:error] [pid 3120846] [client 2.58.56.246:50774] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFdN2xWTtqaEdmQ32RjAAAAAI"]
[Sat Nov 19 13:00:52.524729 2022] [:error] [pid 3120846] [client 2.58.56.246:50774] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFdN2xWTtqaEdmQ32RjAAAAAI"]
[Sat Nov 19 13:00:52.524888 2022] [:error] [pid 3120846] [client 2.58.56.246:50774] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFdN2xWTtqaEdmQ32RjAAAAAI"]
[Sat Nov 19 13:01:04.820669 2022] [:error] [pid 3120878] [client 164.92.135.200:45914] [client 164.92.135.200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgKK3NK9oRY7k9znB8AAAAAQ"]
[Sat Nov 19 13:01:04.820911 2022] [:error] [pid 3120878] [client 164.92.135.200:45914] [client 164.92.135.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgKK3NK9oRY7k9znB8AAAAAQ"]
[Sat Nov 19 13:01:04.821094 2022] [:error] [pid 3120878] [client 164.92.135.200:45914] [client 164.92.135.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgKK3NK9oRY7k9znB8AAAAAQ"]
[Sat Nov 19 13:01:04.862578 2022] [:error] [pid 3120888] [client 164.92.135.200:45910] [client 164.92.135.200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFgKKjSkv4N9WHhHBzOAAAAAc"]
[Sat Nov 19 13:01:04.862834 2022] [:error] [pid 3120888] [client 164.92.135.200:45910] [client 164.92.135.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFgKKjSkv4N9WHhHBzOAAAAAc"]
[Sat Nov 19 13:01:04.862993 2022] [:error] [pid 3120888] [client 164.92.135.200:45910] [client 164.92.135.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFgKKjSkv4N9WHhHBzOAAAAAc"]
[Sat Nov 19 13:01:04.871064 2022] [:error] [pid 3120884] [client 164.92.135.200:45906] [client 164.92.135.200] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.DS_Store"] [unique_id "Y3jFgKWGZqo1tdDa0EGobQAAAAU"]
[Sat Nov 19 13:01:04.871282 2022] [:error] [pid 3120884] [client 164.92.135.200:45906] [client 164.92.135.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.DS_Store"] [unique_id "Y3jFgKWGZqo1tdDa0EGobQAAAAU"]
[Sat Nov 19 13:01:04.871436 2022] [:error] [pid 3120884] [client 164.92.135.200:45906] [client 164.92.135.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.DS_Store"] [unique_id "Y3jFgKWGZqo1tdDa0EGobQAAAAU"]
[Sat Nov 19 13:01:04.896622 2022] [authz_core:error] [pid 3120884] [client 164.92.135.200:45902] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Sat Nov 19 13:01:05.919233 2022] [:error] [pid 3120850] [client 164.92.135.200:45892] [client 164.92.135.200] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "magento.test.indaco.store"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3jFgRoBOmSvhrd1FQUJVwAAAAA"]
[Sat Nov 19 13:01:05.919817 2022] [:error] [pid 3120850] [client 164.92.135.200:45892] [client 164.92.135.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3jFgRoBOmSvhrd1FQUJVwAAAAA"]
[Sat Nov 19 13:01:05.920004 2022] [:error] [pid 3120850] [client 164.92.135.200:45892] [client 164.92.135.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/api/v2/cmdb/system/admin/admin"] [unique_id "Y3jFgRoBOmSvhrd1FQUJVwAAAAA"]
[Sat Nov 19 13:01:06.885920 2022] [:error] [pid 3120849] [client 179.43.177.154:39120] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgp8RxJXC8pKV1p@HHgAAAAM"]
[Sat Nov 19 13:01:06.886260 2022] [:error] [pid 3120849] [client 179.43.177.154:39120] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgp8RxJXC8pKV1p@HHgAAAAM"]
[Sat Nov 19 13:01:06.886440 2022] [:error] [pid 3120849] [client 179.43.177.154:39120] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFgp8RxJXC8pKV1p@HHgAAAAM"]
[Sat Nov 19 13:01:47.410146 2022] [:error] [pid 3120889] [client 154.13.1.89:62409] [client 154.13.1.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq3utmfp3NumkUiMuvgAAAAg"]
[Sat Nov 19 13:01:47.410448 2022] [:error] [pid 3120889] [client 154.13.1.89:62409] [client 154.13.1.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq3utmfp3NumkUiMuvgAAAAg"]
[Sat Nov 19 13:01:47.410653 2022] [:error] [pid 3120889] [client 154.13.1.89:62409] [client 154.13.1.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq3utmfp3NumkUiMuvgAAAAg"]
[Sat Nov 19 13:01:47.599046 2022] [:error] [pid 3120884] [client 154.13.1.89:62411] [client 154.13.1.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq6WGZqo1tdDa0EGobwAAAAU"]
[Sat Nov 19 13:01:47.599589 2022] [:error] [pid 3120884] [client 154.13.1.89:62411] [client 154.13.1.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq6WGZqo1tdDa0EGobwAAAAU"]
[Sat Nov 19 13:01:47.599746 2022] [:error] [pid 3120884] [client 154.13.1.89:62411] [client 154.13.1.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jFq6WGZqo1tdDa0EGobwAAAAU"]
[Sat Nov 19 13:01:48.250447 2022] [:error] [pid 3120849] [client 154.13.1.89:62401] [client 154.13.1.89] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFrJ8RxJXC8pKV1p@HHwAAAAM"]
[Sat Nov 19 13:01:48.250738 2022] [:error] [pid 3120849] [client 154.13.1.89:62401] [client 154.13.1.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFrJ8RxJXC8pKV1p@HHwAAAAM"]
[Sat Nov 19 13:01:48.250908 2022] [:error] [pid 3120849] [client 154.13.1.89:62401] [client 154.13.1.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jFrJ8RxJXC8pKV1p@HHwAAAAM"]
[Sat Nov 19 13:19:41.679059 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:19:41.679218 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:19:41.679271 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:19:41.679312 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:19:41.679857 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:19:41.680024 2022] [:error] [pid 3120847] [client 185.7.214.218:45816] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3jJ3f0EfjxZZ6VzdWwpWwAAAAo"]
[Sat Nov 19 13:27:59.762675 2022] [:error] [pid 3120878] [client 128.14.209.162:49836] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3jLz6K3NK9oRY7k9znB8gAAAAQ"]
[Sat Nov 19 14:38:08.787863 2022] [:error] [pid 3120878] [client 152.89.196.211:39988] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3jcQKK3NK9oRY7k9znB8wAAAAQ"]
[Sat Nov 19 15:12:03.821699 2022] [:error] [pid 3120849] [client 179.43.177.154:49948] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkM58RxJXC8pKV1p@HIgAAAAM"]
[Sat Nov 19 15:12:03.821973 2022] [:error] [pid 3120849] [client 179.43.177.154:49948] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkM58RxJXC8pKV1p@HIgAAAAM"]
[Sat Nov 19 15:12:03.822138 2022] [:error] [pid 3120849] [client 179.43.177.154:49948] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkM58RxJXC8pKV1p@HIgAAAAM"]
[Sat Nov 19 15:12:49.503265 2022] [:error] [pid 3120889] [client 2.58.56.246:57486] [client 2.58.56.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkYXutmfp3NumkUiMuwgAAAAg"]
[Sat Nov 19 15:12:49.503522 2022] [:error] [pid 3120889] [client 2.58.56.246:57486] [client 2.58.56.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkYXutmfp3NumkUiMuwgAAAAg"]
[Sat Nov 19 15:12:49.503688 2022] [:error] [pid 3120889] [client 2.58.56.246:57486] [client 2.58.56.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkYXutmfp3NumkUiMuwgAAAAg"]
[Sat Nov 19 15:12:56.381604 2022] [:error] [pid 3120884] [client 179.43.177.154:42714] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/static../.git/config"] [unique_id "Y3jkaKWGZqo1tdDa0EGocgAAAAU"]
[Sat Nov 19 15:12:56.381867 2022] [:error] [pid 3120884] [client 179.43.177.154:42714] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/static../.git/config"] [unique_id "Y3jkaKWGZqo1tdDa0EGocgAAAAU"]
[Sat Nov 19 15:12:56.382032 2022] [:error] [pid 3120884] [client 179.43.177.154:42714] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/static../.git/config"] [unique_id "Y3jkaKWGZqo1tdDa0EGocgAAAAU"]
[Sat Nov 19 15:12:57.061994 2022] [:error] [pid 3120850] [client 154.13.1.114:62317] [client 154.13.1.114] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkaRoBOmSvhrd1FQUJXgAAAAA"]
[Sat Nov 19 15:12:57.062290 2022] [:error] [pid 3120850] [client 154.13.1.114:62317] [client 154.13.1.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkaRoBOmSvhrd1FQUJXgAAAAA"]
[Sat Nov 19 15:12:57.062446 2022] [:error] [pid 3120850] [client 154.13.1.114:62317] [client 154.13.1.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.git/config"] [unique_id "Y3jkaRoBOmSvhrd1FQUJXgAAAAA"]
[Sat Nov 19 15:13:01.656147 2022] [:error] [pid 3120888] [client 154.13.1.114:62313] [client 154.13.1.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbaKjSkv4N9WHhHBzPAAAAAc"]
[Sat Nov 19 15:13:01.656407 2022] [:error] [pid 3120888] [client 154.13.1.114:62313] [client 154.13.1.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbaKjSkv4N9WHhHBzPAAAAAc"]
[Sat Nov 19 15:13:01.656546 2022] [:error] [pid 3120888] [client 154.13.1.114:62313] [client 154.13.1.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbaKjSkv4N9WHhHBzPAAAAAc"]
[Sat Nov 19 15:13:01.699457 2022] [:error] [pid 3120849] [client 154.13.1.114:62311] [client 154.13.1.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbZ8RxJXC8pKV1p@HIwAAAAM"]
[Sat Nov 19 15:13:01.700061 2022] [:error] [pid 3120849] [client 154.13.1.114:62311] [client 154.13.1.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbZ8RxJXC8pKV1p@HIwAAAAM"]
[Sat Nov 19 15:13:01.700281 2022] [:error] [pid 3120849] [client 154.13.1.114:62311] [client 154.13.1.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3jkbZ8RxJXC8pKV1p@HIwAAAAM"]
[Sat Nov 19 17:06:24.240816 2022] [:error] [pid 3120878] [client 192.241.202.54:58506] [client 192.241.202.54] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3j-AKK3NK9oRY7k9znB9wAAAAQ"]
[Sat Nov 19 17:06:24.240959 2022] [:error] [pid 3120878] [client 192.241.202.54:58506] [client 192.241.202.54] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3j-AKK3NK9oRY7k9znB9wAAAAQ"]
[Sat Nov 19 17:06:24.241296 2022] [:error] [pid 3120878] [client 192.241.202.54:58506] [client 192.241.202.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3j-AKK3NK9oRY7k9znB9wAAAAQ"]
[Sat Nov 19 17:06:24.241481 2022] [:error] [pid 3120878] [client 192.241.202.54:58506] [client 192.241.202.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3j-AKK3NK9oRY7k9znB9wAAAAQ"]
[Sat Nov 19 18:10:58.356988 2022] [:error] [pid 3120878] [client 85.74.141.216:55671] [client 85.74.141.216] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3kOIqK3NK9oRY7k9znB@QAAAAQ"]
[Sat Nov 19 18:19:59.634565 2022] [:error] [pid 3120846] [client 167.94.138.47:45708] [client 167.94.138.47] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3kQP92xWTtqaEdmQ32RmAAAAAI"]
[Sat Nov 19 18:45:59.558866 2022] [:error] [pid 3120890] [client 85.109.95.140:52182] [client 85.109.95.140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3kWVwCe1rem3ue@euCd7QAAAAk"]
[Sat Nov 19 19:11:08.686199 2022] [:error] [pid 3120885] [client 35.195.93.98:41334] [client 35.195.93.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3kcPECJgE4e@g3d12LHdAAAAAY"]
[Sat Nov 19 19:26:39.048300 2022] [:error] [pid 3120890] [client 51.77.247.119:37690] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/phpinfo"] [unique_id "Y3kf3wCe1rem3ue@euCd7gAAAAk"]
[Sat Nov 19 19:29:41.542784 2022] [:error] [pid 3120846] [client 194.55.186.126:36274] [client 194.55.186.126] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3kgld2xWTtqaEdmQ32RmQAAAAI"]
[Sat Nov 19 21:50:52.134590 2022] [:error] [pid 3120888] [client 194.180.48.125:48720] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3lBrKKjSkv4N9WHhHBzQwAAAAc"]
[Sat Nov 19 22:02:41.411293 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sat Nov 19 22:02:41.411490 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sat Nov 19 22:02:41.411541 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sat Nov 19 22:02:41.411591 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sat Nov 19 22:02:41.412237 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sat Nov 19 22:02:41.412419 2022] [:error] [pid 3120885] [client 185.7.214.218:34680] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3lEcUCJgE4e@g3d12LHdgAAAAY"]
[Sun Nov 20 01:02:05.794843 2022] [:error] [pid 3126417] [client 209.141.40.253:58359] [client 209.141.40.253] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3lufWHyyh2uReD6RpM8jwAAAAQ"]
[Sun Nov 20 01:05:45.514272 2022] [:error] [pid 3126414] [client 183.136.225.9:25990] [client 183.136.225.9] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3lvWdoURXhDDU0X1sgKmwAAAAo"]
[Sun Nov 20 01:59:17.663381 2022] [:error] [pid 3126413] [client 152.89.196.211:54540] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3l75S-iUHn0ngyIq9028wAAAAI"]
[Sun Nov 20 02:43:47.111387 2022] [:error] [pid 3126415] [client 167.94.138.61:42018] [client 167.94.138.61] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3mGU0o2i6vhVcLFP2AnpAAAAAM"]
[Sun Nov 20 02:43:47.569697 2022] [:error] [pid 3126913] [client 167.94.138.61:33566] [client 167.94.138.61] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3mGU-sCmkGKtZZ49Q58-QAAAAU"]
[Sun Nov 20 03:14:26.719618 2022] [:error] [pid 3126413] [client 152.89.196.211:37218] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3mNgi-iUHn0ngyIq9029gAAAAI"]
[Sun Nov 20 03:38:17.939889 2022] [:error] [pid 3126567] [client 152.89.196.211:42670] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3mTGagNsAzn-H@IR7zysgAAAAE"]
[Sun Nov 20 05:45:20.215451 2022] [:error] [pid 3126567] [client 51.142.239.33:51016] [client 51.142.239.33] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3mw4KgNsAzn-H@IR7zytQAAAAE"]
[Sun Nov 20 06:15:10.081887 2022] [:error] [pid 3126413] [client 167.94.145.60:52294] [client 167.94.145.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3m33i-iUHn0ngyIq902@gAAAAI"]
[Sun Nov 20 06:15:10.192252 2022] [:error] [pid 3126416] [client 167.94.145.60:53882] [client 167.94.145.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3m33rpTWUMf3jFQWg64LgAAAAA"]
[Sun Nov 20 06:39:09.820449 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 06:39:09.820664 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 06:39:09.820727 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 06:39:09.820772 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 06:39:09.821543 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 06:39:09.821784 2022] [:error] [pid 3126415] [client 185.7.214.218:47722] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3m9fUo2i6vhVcLFP2AnqgAAAAM"]
[Sun Nov 20 07:32:32.535119 2022] [:error] [pid 3126913] [client 192.241.212.227:46568] [client 192.241.212.227] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3nKAPsCmkGKtZZ49Q59BAAAAAU"]
[Sun Nov 20 07:32:32.535264 2022] [:error] [pid 3126913] [client 192.241.212.227:46568] [client 192.241.212.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3nKAPsCmkGKtZZ49Q59BAAAAAU"]
[Sun Nov 20 07:32:32.535945 2022] [:error] [pid 3126913] [client 192.241.212.227:46568] [client 192.241.212.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3nKAPsCmkGKtZZ49Q59BAAAAAU"]
[Sun Nov 20 07:32:32.536128 2022] [:error] [pid 3126913] [client 192.241.212.227:46568] [client 192.241.212.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3nKAPsCmkGKtZZ49Q59BAAAAAU"]
[Sun Nov 20 08:12:03.166207 2022] [:error] [pid 3126417] [client 64.62.197.230:2811] [client 64.62.197.230] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3nTQ2Hyyh2uReD6RpM8mgAAAAQ"]
[Sun Nov 20 08:21:34.742082 2022] [:error] [pid 3126414] [client 64.62.197.229:43679] [client 64.62.197.229] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3nVftoURXhDDU0X1sgKpwAAAAo"]
[Sun Nov 20 08:26:14.653725 2022] [:error] [pid 3126416] [client 64.62.197.227:37683] [client 64.62.197.227] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3nWlrpTWUMf3jFQWg64MQAAAAA"]
[Sun Nov 20 08:27:07.175458 2022] [:error] [pid 3126415] [client 64.62.197.239:35741] [client 64.62.197.239] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3nWy0o2i6vhVcLFP2AnrQAAAAM"]
[Sun Nov 20 08:27:07.178263 2022] [:error] [pid 3126415] [client 64.62.197.239:35741] [client 64.62.197.239] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3nWy0o2i6vhVcLFP2AnrQAAAAM"]
[Sun Nov 20 08:27:07.178537 2022] [:error] [pid 3126415] [client 64.62.197.239:35741] [client 64.62.197.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3nWy0o2i6vhVcLFP2AnrQAAAAM"]
[Sun Nov 20 08:27:07.178736 2022] [:error] [pid 3126415] [client 64.62.197.239:35741] [client 64.62.197.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3nWy0o2i6vhVcLFP2AnrQAAAAM"]
[Sun Nov 20 09:25:19.619322 2022] [:error] [pid 3132132] [client 109.206.243.220:45950] [client 109.206.243.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3nkb5oZmCZM@o1gmSzsQwAAAAk"]
[Sun Nov 20 10:09:29.068458 2022] [:error] [pid 3131905] [client 194.180.48.125:41734] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3nuydZCiiginv4B1-e62wAAAAY"]
[Sun Nov 20 12:09:48.215246 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:09:48.217689 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: ///remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:09:48.217736 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:09:48.217780 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:09:48.218331 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:09:48.218518 2022] [:error] [pid 3131906] [client 45.134.144.48:58454] [client 45.134.144.48] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3oK-J4XmNWo9@UfZr8ZQgAAAAc"]
[Sun Nov 20 12:53:25.058668 2022] [:error] [pid 3126413] [client 183.136.225.32:49969] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3oVNS-iUHn0ngyIq903KQAAAAI"]
[Sun Nov 20 12:55:55.634354 2022] [:error] [pid 3126567] [client 183.136.225.32:43153] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3oVy6gNsAzn-H@IR7zy1wAAAAE"]
[Sun Nov 20 12:56:18.837570 2022] [:error] [pid 3132359] [client 183.136.225.32:51152] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3oV4gw0Z@etEdX8hv3cdAAAAAU"]
[Sun Nov 20 12:56:40.747194 2022] [:error] [pid 3126417] [client 183.136.225.32:29987] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3oV@GHyyh2uReD6RpM8tQAAAAQ"]
[Sun Nov 20 13:14:55.828511 2022] [:error] [pid 3131906] [client 192.241.203.31:53372] [client 192.241.203.31] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3oaP54XmNWo9@UfZr8ZRAAAAAc"]
[Sun Nov 20 13:14:55.828629 2022] [:error] [pid 3131906] [client 192.241.203.31:53372] [client 192.241.203.31] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3oaP54XmNWo9@UfZr8ZRAAAAAc"]
[Sun Nov 20 13:14:55.829250 2022] [:error] [pid 3131906] [client 192.241.203.31:53372] [client 192.241.203.31] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3oaP54XmNWo9@UfZr8ZRAAAAAc"]
[Sun Nov 20 13:14:55.829432 2022] [:error] [pid 3131906] [client 192.241.203.31:53372] [client 192.241.203.31] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3oaP54XmNWo9@UfZr8ZRAAAAAc"]
[Sun Nov 20 14:17:42.329389 2022] [:error] [pid 3131905] [client 46.30.180.140:58220] [client 46.30.180.140] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3oo9tZCiiginv4B1-e67AAAAAY"]
[Sun Nov 20 15:08:41.071694 2022] [:error] [pid 3132127] [client 128.14.209.162:55402] [client 128.14.209.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3o06e-1gxiVhPs9QM5bhwAAAAg"]
[Sun Nov 20 17:09:00.095467 2022] [:error] [pid 3126417] [client 109.237.98.226:55982] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pRHGHyyh2uReD6RpM8vwAAAAQ"]
[Sun Nov 20 17:09:00.095711 2022] [:error] [pid 3126417] [client 109.237.98.226:55982] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pRHGHyyh2uReD6RpM8vwAAAAQ"]
[Sun Nov 20 17:09:00.096011 2022] [:error] [pid 3126417] [client 109.237.98.226:55982] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pRHGHyyh2uReD6RpM8vwAAAAQ"]
[Sun Nov 20 17:09:00.096212 2022] [:error] [pid 3126417] [client 109.237.98.226:55982] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pRHGHyyh2uReD6RpM8vwAAAAQ"]
[Sun Nov 20 17:33:40.011638 2022] [:error] [pid 3132132] [client 109.237.97.180:59338] [client 109.237.97.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pW5JoZmCZM@o1gmSzsaQAAAAk"]
[Sun Nov 20 17:33:40.011859 2022] [:error] [pid 3132132] [client 109.237.97.180:59338] [client 109.237.97.180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pW5JoZmCZM@o1gmSzsaQAAAAk"]
[Sun Nov 20 17:33:40.012145 2022] [:error] [pid 3132132] [client 109.237.97.180:59338] [client 109.237.97.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pW5JoZmCZM@o1gmSzsaQAAAAk"]
[Sun Nov 20 17:33:40.012366 2022] [:error] [pid 3132132] [client 109.237.97.180:59338] [client 109.237.97.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3pW5JoZmCZM@o1gmSzsaQAAAAk"]
[Sun Nov 20 18:52:06.992489 2022] [:error] [pid 3131906] [client 161.35.207.246:41356] [client 161.35.207.246] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3ppRp4XmNWo9@UfZr8ZTAAAAAc"]
[Sun Nov 20 19:05:02.641074 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:05:02.641234 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:05:02.641392 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:05:02.641434 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:05:02.642113 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:05:02.642284 2022] [:error] [pid 3131906] [client 185.7.214.218:37978] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3psTp4XmNWo9@UfZr8ZTQAAAAc"]
[Sun Nov 20 19:08:35.723507 2022] [:error] [pid 3126417] [client 35.195.93.98:42340] [client 35.195.93.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3ptI2Hyyh2uReD6RpM8wgAAAAQ"]
[Sun Nov 20 19:12:35.215880 2022] [:error] [pid 3132127] [client 183.136.225.32:16003] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3puE@-1gxiVhPs9QM5bjAAAAAg"]
[Sun Nov 20 19:14:10.399423 2022] [:error] [pid 3134511] [client 183.136.225.32:28077] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3pucpzZlTW6532lUJvqgwAAAAA"]
[Sun Nov 20 19:14:32.052794 2022] [:error] [pid 3126415] [client 183.136.225.32:13318] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3puiEo2i6vhVcLFP2An4wAAAAM"]
[Sun Nov 20 19:14:55.760817 2022] [:error] [pid 3132132] [client 183.136.225.32:38858] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3pun5oZmCZM@o1gmSzsawAAAAk"]
[Sun Nov 20 19:20:54.175311 2022] [:error] [pid 3131906] [client 51.77.247.119:36960] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/_profiler/phpinfo"] [unique_id "Y3pwBp4XmNWo9@UfZr8ZTgAAAAc"]
[Sun Nov 20 19:37:00.045991 2022] [:error] [pid 3131905] [client 45.61.188.24:35438] [client 45.61.188.24] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ztp/cgi-bin/handler"] [unique_id "Y3pzzNZCiiginv4B1-e68gAAAAY"]
[Sun Nov 20 19:46:02.521216 2022] [:error] [pid 3132132] [client 45.61.188.24:49844] [client 45.61.188.24] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ztp/cgi-bin/handler"] [unique_id "Y3p16poZmCZM@o1gmSzsbAAAAAk"]
[Sun Nov 20 22:30:42.310927 2022] [:error] [pid 3132132] [client 205.209.96.18:52204] [client 205.209.96.18] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3qcgpoZmCZM@o1gmSzsbwAAAAk"]
[Sun Nov 20 23:45:23.178385 2022] [:error] [pid 3126567] [client 192.241.203.138:47042] [client 192.241.203.138] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3quA6gNsAzn-H@IR7zy4gAAAAE"]
[Sun Nov 20 23:45:23.178512 2022] [:error] [pid 3126567] [client 192.241.203.138:47042] [client 192.241.203.138] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3quA6gNsAzn-H@IR7zy4gAAAAE"]
[Sun Nov 20 23:45:23.178924 2022] [:error] [pid 3126567] [client 192.241.203.138:47042] [client 192.241.203.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3quA6gNsAzn-H@IR7zy4gAAAAE"]
[Sun Nov 20 23:45:23.179123 2022] [:error] [pid 3126567] [client 192.241.203.138:47042] [client 192.241.203.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/version"] [unique_id "Y3quA6gNsAzn-H@IR7zy4gAAAAE"]
[Sun Nov 20 23:53:50.022317 2022] [:error] [pid 3131905] [client 152.89.196.211:33774] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3qv-tZCiiginv4B1-e69gAAAAY"]
[Mon Nov 21 00:06:03.729762 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 00:06:03.729988 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 00:06:03.730046 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 00:06:03.730087 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 00:06:03.730907 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 00:06:03.731120 2022] [:error] [pid 3139682] [client 185.7.214.218:58740] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3qy25oNih9kr0asEDb4GAAAAAo"]
[Mon Nov 21 01:40:30.234157 2022] [:error] [pid 3139682] [client 152.89.196.211:46070] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3rI-poNih9kr0asEDb4GgAAAAo"]
[Mon Nov 21 01:43:55.547034 2022] [:error] [pid 3139685] [client 194.180.48.125:34594] [client 194.180.48.125] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/docker-compose.yml"] [unique_id "Y3rJyx1ligFkgO9umYgyNQAAAAE"]
[Mon Nov 21 02:19:12.126905 2022] [:error] [pid 3139683] [client 194.110.203.60:33448] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/openam/XUI/"] [unique_id "Y3rSECnuCr2Vog2yL5iHlQAAAAM"]
[Mon Nov 21 02:19:34.503568 2022] [:error] [pid 3139685] [client 194.110.203.60:55992] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3rSJh1ligFkgO9umYgyNgAAAAE"]
[Mon Nov 21 02:41:17.702825 2022] [:error] [pid 3139682] [client 194.110.203.60:50762] [client 194.110.203.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/openam/css/main.css"] [unique_id "Y3rXPZoNih9kr0asEDb4HAAAAAo"]
[Mon Nov 21 03:49:52.794368 2022] [:error] [pid 3139683] [client 94.102.61.8:53050] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3rnUCnuCr2Vog2yL5iHlwAAAAM"]
[Mon Nov 21 04:47:13.233678 2022] [:error] [pid 3139684] [client 198.199.118.222:51786] [client 198.199.118.222] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3r0wbv2NpUXLAuTt4sawAAAAAQ"]
[Mon Nov 21 04:47:13.233800 2022] [:error] [pid 3139684] [client 198.199.118.222:51786] [client 198.199.118.222] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3r0wbv2NpUXLAuTt4sawAAAAAQ"]
[Mon Nov 21 04:47:13.234138 2022] [:error] [pid 3139684] [client 198.199.118.222:51786] [client 198.199.118.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3r0wbv2NpUXLAuTt4sawAAAAAQ"]
[Mon Nov 21 04:47:13.234312 2022] [:error] [pid 3139684] [client 198.199.118.222:51786] [client 198.199.118.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3r0wbv2NpUXLAuTt4sawAAAAAQ"]
[Mon Nov 21 05:37:55.942995 2022] [:error] [pid 3139683] [client 64.62.197.205:49001] [client 64.62.197.205] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3sAoynuCr2Vog2yL5iHmgAAAAM"]
[Mon Nov 21 05:47:47.529270 2022] [:error] [pid 3139683] [client 64.62.197.204:3139] [client 64.62.197.204] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3sC8ynuCr2Vog2yL5iHmwAAAAM"]
[Mon Nov 21 05:52:01.490326 2022] [:error] [pid 3139690] [client 64.62.197.197:42067] [client 64.62.197.197] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3sD8WzG32NR0-exAPRT3AAAAAA"]
[Mon Nov 21 05:53:07.779795 2022] [:error] [pid 3139682] [client 64.62.197.203:28587] [client 64.62.197.203] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sEM5oNih9kr0asEDb4IQAAAAo"]
[Mon Nov 21 05:53:07.780044 2022] [:error] [pid 3139682] [client 64.62.197.203:28587] [client 64.62.197.203] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sEM5oNih9kr0asEDb4IQAAAAo"]
[Mon Nov 21 05:53:07.780347 2022] [:error] [pid 3139682] [client 64.62.197.203:28587] [client 64.62.197.203] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sEM5oNih9kr0asEDb4IQAAAAo"]
[Mon Nov 21 05:53:07.780531 2022] [:error] [pid 3139682] [client 64.62.197.203:28587] [client 64.62.197.203] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sEM5oNih9kr0asEDb4IQAAAAo"]
[Mon Nov 21 06:25:16.197206 2022] [:error] [pid 3139690] [client 192.241.196.197:53638] [client 192.241.196.197] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3sLvGzG32NR0-exAPRT3QAAAAA"]
[Mon Nov 21 06:25:16.197356 2022] [:error] [pid 3139690] [client 192.241.196.197:53638] [client 192.241.196.197] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3sLvGzG32NR0-exAPRT3QAAAAA"]
[Mon Nov 21 06:25:16.197870 2022] [:error] [pid 3139690] [client 192.241.196.197:53638] [client 192.241.196.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3sLvGzG32NR0-exAPRT3QAAAAA"]
[Mon Nov 21 06:25:16.198126 2022] [:error] [pid 3139690] [client 192.241.196.197:53638] [client 192.241.196.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y3sLvGzG32NR0-exAPRT3QAAAAA"]
[Mon Nov 21 07:31:59.009213 2022] [:error] [pid 3143405] [client 192.241.208.180:35306] [client 192.241.208.180] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sbX-SeRYntcjLQQWHzdgAAAAU"]
[Mon Nov 21 07:31:59.009366 2022] [:error] [pid 3143405] [client 192.241.208.180:35306] [client 192.241.208.180] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sbX-SeRYntcjLQQWHzdgAAAAU"]
[Mon Nov 21 07:31:59.009990 2022] [:error] [pid 3143405] [client 192.241.208.180:35306] [client 192.241.208.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sbX-SeRYntcjLQQWHzdgAAAAU"]
[Mon Nov 21 07:31:59.010175 2022] [:error] [pid 3143405] [client 192.241.208.180:35306] [client 192.241.208.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sbX-SeRYntcjLQQWHzdgAAAAU"]
[Mon Nov 21 07:55:02.512562 2022] [:error] [pid 3139682] [client 20.120.217.166:63228] [client 20.120.217.166] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sgxpoNih9kr0asEDb4IwAAAAo"]
[Mon Nov 21 07:55:02.512778 2022] [:error] [pid 3139682] [client 20.120.217.166:63228] [client 20.120.217.166] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sgxpoNih9kr0asEDb4IwAAAAo"]
[Mon Nov 21 07:55:02.513095 2022] [:error] [pid 3139682] [client 20.120.217.166:63228] [client 20.120.217.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sgxpoNih9kr0asEDb4IwAAAAo"]
[Mon Nov 21 07:55:02.513271 2022] [:error] [pid 3139682] [client 20.120.217.166:63228] [client 20.120.217.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3sgxpoNih9kr0asEDb4IwAAAAo"]
[Mon Nov 21 08:34:21.749067 2022] [:error] [pid 3143405] [client 198.199.95.173:36070] [client 198.199.95.173] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sp-fSeRYntcjLQQWHzeAAAAAU"]
[Mon Nov 21 08:34:21.749196 2022] [:error] [pid 3143405] [client 198.199.95.173:36070] [client 198.199.95.173] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sp-fSeRYntcjLQQWHzeAAAAAU"]
[Mon Nov 21 08:34:21.749605 2022] [:error] [pid 3143405] [client 198.199.95.173:36070] [client 198.199.95.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sp-fSeRYntcjLQQWHzeAAAAAU"]
[Mon Nov 21 08:34:21.749789 2022] [:error] [pid 3143405] [client 198.199.95.173:36070] [client 198.199.95.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3sp-fSeRYntcjLQQWHzeAAAAAU"]
[Mon Nov 21 08:36:30.719343 2022] [:error] [pid 3139690] [client 192.241.212.122:45284] [client 192.241.212.122] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3sqfmzG32NR0-exAPRT4QAAAAA"]
[Mon Nov 21 08:36:30.719473 2022] [:error] [pid 3139690] [client 192.241.212.122:45284] [client 192.241.212.122] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3sqfmzG32NR0-exAPRT4QAAAAA"]
[Mon Nov 21 08:36:30.720771 2022] [:error] [pid 3139690] [client 192.241.212.122:45284] [client 192.241.212.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3sqfmzG32NR0-exAPRT4QAAAAA"]
[Mon Nov 21 08:36:30.720946 2022] [:error] [pid 3139690] [client 192.241.212.122:45284] [client 192.241.212.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/x.js"] [unique_id "Y3sqfmzG32NR0-exAPRT4QAAAAA"]
[Mon Nov 21 08:36:34.367879 2022] [:error] [pid 3139681] [client 192.241.196.120:56796] [client 192.241.196.120] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3sqgrvJ2r7w-3yG5sYkkwAAAAI"]
[Mon Nov 21 08:36:34.368023 2022] [:error] [pid 3139681] [client 192.241.196.120:56796] [client 192.241.196.120] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3sqgrvJ2r7w-3yG5sYkkwAAAAI"]
[Mon Nov 21 08:36:34.368400 2022] [:error] [pid 3139681] [client 192.241.196.120:56796] [client 192.241.196.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3sqgrvJ2r7w-3yG5sYkkwAAAAI"]
[Mon Nov 21 08:36:34.368593 2022] [:error] [pid 3139681] [client 192.241.196.120:56796] [client 192.241.196.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application"] [unique_id "Y3sqgrvJ2r7w-3yG5sYkkwAAAAI"]
[Mon Nov 21 10:41:38.059375 2022] [:error] [pid 3139690] [client 138.197.132.134:33292] [client 138.197.132.134] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3tH0mzG32NR0-exAPRT5AAAAAA"]
[Mon Nov 21 10:41:38.059492 2022] [:error] [pid 3139690] [client 138.197.132.134:33292] [client 138.197.132.134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3tH0mzG32NR0-exAPRT5AAAAAA"]
[Mon Nov 21 10:41:38.059838 2022] [:error] [pid 3139690] [client 138.197.132.134:33292] [client 138.197.132.134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3tH0mzG32NR0-exAPRT5AAAAAA"]
[Mon Nov 21 10:41:38.060032 2022] [:error] [pid 3139690] [client 138.197.132.134:33292] [client 138.197.132.134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y3tH0mzG32NR0-exAPRT5AAAAAA"]
[Mon Nov 21 10:41:38.518171 2022] [:error] [pid 3139681] [client 138.197.132.134:40008] [client 138.197.132.134] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3tH0rvJ2r7w-3yG5sYklgAAAAI"]
[Mon Nov 21 10:41:38.518276 2022] [:error] [pid 3139681] [client 138.197.132.134:40008] [client 138.197.132.134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3tH0rvJ2r7w-3yG5sYklgAAAAI"]
[Mon Nov 21 10:41:38.518592 2022] [:error] [pid 3139681] [client 138.197.132.134:40008] [client 138.197.132.134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3tH0rvJ2r7w-3yG5sYklgAAAAI"]
[Mon Nov 21 10:41:38.518766 2022] [:error] [pid 3139681] [client 138.197.132.134:40008] [client 138.197.132.134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2h"] [unique_id "Y3tH0rvJ2r7w-3yG5sYklgAAAAI"]
[Mon Nov 21 10:41:41.123510 2022] [:error] [pid 3139685] [client 138.197.132.134:40130] [client 138.197.132.134] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tH1R1ligFkgO9umYgyQgAAAAE"]
[Mon Nov 21 10:41:41.124780 2022] [:error] [pid 3139685] [client 138.197.132.134:40130] [client 138.197.132.134] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tH1R1ligFkgO9umYgyQgAAAAE"]
[Mon Nov 21 10:41:41.125116 2022] [:error] [pid 3139685] [client 138.197.132.134:40130] [client 138.197.132.134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tH1R1ligFkgO9umYgyQgAAAAE"]
[Mon Nov 21 10:41:41.125338 2022] [:error] [pid 3139685] [client 138.197.132.134:40130] [client 138.197.132.134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tH1R1ligFkgO9umYgyQgAAAAE"]
[Mon Nov 21 11:38:52.509698 2022] [:error] [pid 3146046] [client 93.177.103.215:59633] [client 93.177.103.215] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tVPLwLHmOc6inmwJzpjwAAAAY"]
[Mon Nov 21 11:38:52.510005 2022] [:error] [pid 3146046] [client 93.177.103.215:59633] [client 93.177.103.215] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tVPLwLHmOc6inmwJzpjwAAAAY"]
[Mon Nov 21 11:38:52.510348 2022] [:error] [pid 3146046] [client 93.177.103.215:59633] [client 93.177.103.215] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tVPLwLHmOc6inmwJzpjwAAAAY"]
[Mon Nov 21 11:38:52.510566 2022] [:error] [pid 3146046] [client 93.177.103.215:59633] [client 93.177.103.215] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tVPLwLHmOc6inmwJzpjwAAAAY"]
[Mon Nov 21 12:13:29.647366 2022] [:error] [pid 3139681] [client 71.6.232.26:53804] [client 71.6.232.26] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tdWbvJ2r7w-3yG5sYkmgAAAAI"]
[Mon Nov 21 12:24:50.556064 2022] [:error] [pid 3139682] [client 93.177.103.215:50618] [client 93.177.103.215] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tgApoNih9kr0asEDb4KQAAAAo"]
[Mon Nov 21 12:24:50.556325 2022] [:error] [pid 3139682] [client 93.177.103.215:50618] [client 93.177.103.215] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tgApoNih9kr0asEDb4KQAAAAo"]
[Mon Nov 21 12:24:50.556593 2022] [:error] [pid 3139682] [client 93.177.103.215:50618] [client 93.177.103.215] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tgApoNih9kr0asEDb4KQAAAAo"]
[Mon Nov 21 12:24:50.556787 2022] [:error] [pid 3139682] [client 93.177.103.215:50618] [client 93.177.103.215] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y3tgApoNih9kr0asEDb4KQAAAAo"]
[Mon Nov 21 12:54:11.185978 2022] [:error] [pid 3139681] [client 164.92.231.143:43730] [client 164.92.231.143] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3tm47vJ2r7w-3yG5sYkqgAAAAI"]
[Mon Nov 21 13:36:02.122812 2022] [:error] [pid 3146046] [client 167.248.133.46:38524] [client 167.248.133.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3twsrwLHmOc6inmwJzpowAAAAY"]
[Mon Nov 21 13:36:02.534747 2022] [:error] [pid 3147151] [client 167.248.133.46:47560] [client 167.248.133.46] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3twsiLAQTKha65zrl9RFAAAAAc"]
[Mon Nov 21 14:01:28.908429 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:01:28.908592 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:01:28.908638 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:01:28.908672 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:01:28.909385 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:01:28.909548 2022] [:error] [pid 3139685] [client 185.7.214.218:60748] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3t2qB1ligFkgO9umYgyWgAAAAE"]
[Mon Nov 21 14:27:27.666292 2022] [:error] [pid 3139682] [client 167.94.146.58:49402] [client 167.94.146.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3t8v5oNih9kr0asEDb4PQAAAAo"]
[Mon Nov 21 14:27:27.779845 2022] [:error] [pid 3146046] [client 167.94.146.58:58790] [client 167.94.146.58] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3t8v7wLHmOc6inmwJzprQAAAAY"]
[Mon Nov 21 15:11:07.097813 2022] [:error] [pid 3139681] [client 179.43.177.154:43466] [client 179.43.177.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3uG@7vJ2r7w-3yG5sYkwgAAAAI"]
[Mon Nov 21 15:11:07.099877 2022] [:error] [pid 3139681] [client 179.43.177.154:43466] [client 179.43.177.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3uG@7vJ2r7w-3yG5sYkwgAAAAI"]
[Mon Nov 21 15:11:07.100138 2022] [:error] [pid 3139681] [client 179.43.177.154:43466] [client 179.43.177.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3uG@7vJ2r7w-3yG5sYkwgAAAAI"]
[Mon Nov 21 15:11:07.100323 2022] [:error] [pid 3139681] [client 179.43.177.154:43466] [client 179.43.177.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/wp-content/.git/config"] [unique_id "Y3uG@7vJ2r7w-3yG5sYkwgAAAAI"]
[Mon Nov 21 15:12:50.990434 2022] [:error] [pid 3146046] [client 162.142.125.220:44878] [client 162.142.125.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3uHYrwLHmOc6inmwJzptwAAAAY"]
[Mon Nov 21 15:12:51.850518 2022] [:error] [pid 3143405] [client 162.142.125.220:57602] [client 162.142.125.220] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3uHY-SeRYntcjLQQWHzqgAAAAU"]
[Mon Nov 21 15:34:02.110392 2022] [:error] [pid 3143405] [client 35.199.87.62:4346] [client 35.199.87.62] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3uMWvSeRYntcjLQQWHzqwAAAAU"]
[Mon Nov 21 16:49:54.111969 2022] [:error] [pid 3143405] [client 192.241.194.73:58460] [client 192.241.194.73] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ueIvSeRYntcjLQQWHzrQAAAAU"]
[Mon Nov 21 16:49:54.112110 2022] [:error] [pid 3143405] [client 192.241.194.73:58460] [client 192.241.194.73] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ueIvSeRYntcjLQQWHzrQAAAAU"]
[Mon Nov 21 16:49:54.112795 2022] [:error] [pid 3143405] [client 192.241.194.73:58460] [client 192.241.194.73] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ueIvSeRYntcjLQQWHzrQAAAAU"]
[Mon Nov 21 16:49:54.112983 2022] [:error] [pid 3143405] [client 192.241.194.73:58460] [client 192.241.194.73] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/autodiscover/autodiscover.json"] [unique_id "Y3ueIvSeRYntcjLQQWHzrQAAAAU"]
[Mon Nov 21 19:00:03.025620 2022] [:error] [pid 3147151] [client 183.136.225.32:8221] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3u8oyLAQTKha65zrl9RTgAAAAc"]
[Mon Nov 21 19:07:19.388621 2022] [:error] [pid 3147081] [client 35.195.93.98:58300] [client 35.195.93.98] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3u@V4OYxDwRxzXnB-T34AAAAAk"]
[Mon Nov 21 19:24:36.366911 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 19:24:36.369140 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 19:24:36.369204 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 19:24:36.369240 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 19:24:36.369837 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 19:24:36.370006 2022] [:error] [pid 3148585] [client 185.7.214.218:45906] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3vCZGV7wds9x1UXLXmdWgAAAAQ"]
[Mon Nov 21 20:22:59.978865 2022] [:error] [pid 3148585] [client 128.199.31.216:41524] [client 128.199.31.216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3vQE2V7wds9x1UXLXmdWwAAAAQ"]
[Mon Nov 21 20:22:59.979200 2022] [:error] [pid 3148585] [client 128.199.31.216:41524] [client 128.199.31.216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3vQE2V7wds9x1UXLXmdWwAAAAQ"]
[Mon Nov 21 20:22:59.979388 2022] [:error] [pid 3148585] [client 128.199.31.216:41524] [client 128.199.31.216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indaco.store"] [uri "/.env"] [unique_id "Y3vQE2V7wds9x1UXLXmdWwAAAAQ"]
[Mon Nov 21 21:56:14.342263 2022] [:error] [pid 3149613] [client 152.89.196.211:57862] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3vl7lD5lFx1d3vYKhrwaAAAAAs"]
[Mon Nov 21 23:06:16.369277 2022] [:error] [pid 3149718] [client 20.74.166.164:5899] [client 20.74.166.164] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3v2WKGPJ8k9uAQroc4fZAAAAAU"]
[Mon Nov 21 23:33:52.971221 2022] [:error] [pid 3147151] [client 152.89.196.211:57858] [client 152.89.196.211] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/gateway/routes"] [unique_id "Y3v80CLAQTKha65zrl9RUwAAAAc"]
[Tue Nov 22 01:10:40.243296 2022] [:error] [pid 3153445] [client 87.236.176.49:53139] [client 87.236.176.49] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3wTgGHAyyJmQhOXpIzGHQAAAAY"]
[Tue Nov 22 01:24:03.669442 2022] [:error] [pid 3153443] [client 128.14.141.34:37604] [client 128.14.141.34] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3wWoygDIbPEYoK5BZShXwAAAAI"]
[Tue Nov 22 02:15:33.859976 2022] [:error] [pid 3153448] [client 172.105.246.139:45808] [client 172.105.246.139] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3witUyKa@QRWqcrp3M7aQAAAAk"]
[Tue Nov 22 02:15:34.024922 2022] [authz_core:error] [pid 3153445] [client 172.105.246.139:48778] AH01630: client denied by server configuration: /var/www/magento.test.indacotrentino.com/www/server-status
[Tue Nov 22 02:15:44.286419 2022] [:error] [pid 3153445] [client 172.105.246.139:48800] [client 172.105.246.139] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3wiwGHAyyJmQhOXpIzGIgAAAAY"]
[Tue Nov 22 02:15:44.321544 2022] [:error] [pid 3154693] [client 172.105.246.139:48806] [client 172.105.246.139] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/sdk"] [unique_id "Y3wiwPKPgViy9Xi3AuVr0wAAAAU"]
[Tue Nov 22 02:15:44.329837 2022] [:error] [pid 3154694] [client 172.105.246.139:48810] [client 172.105.246.139] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".dll"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3wiwAeB2PJeDF8IiUTxlwAAAAc"]
[Tue Nov 22 02:15:44.330414 2022] [:error] [pid 3154694] [client 172.105.246.139:48810] [client 172.105.246.139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3wiwAeB2PJeDF8IiUTxlwAAAAc"]
[Tue Nov 22 02:15:44.330631 2022] [:error] [pid 3154694] [client 172.105.246.139:48810] [client 172.105.246.139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/scripts/WPnBr.dll"] [unique_id "Y3wiwAeB2PJeDF8IiUTxlwAAAAc"]
[Tue Nov 22 02:15:54.590515 2022] [:error] [pid 3153444] [client 172.105.246.139:40212] [client 172.105.246.139] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "37.186.153.126"] [uri "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"] [unique_id "Y3wiytiAk2HNgtPqr7JyOgAAAAE"]
[Tue Nov 22 02:15:54.606693 2022] [:error] [pid 3154693] [client 172.105.246.139:40214] [client 172.105.246.139] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3wiyvKPgViy9Xi3AuVr1QAAAAU"]
[Tue Nov 22 02:15:54.606905 2022] [:error] [pid 3154693] [client 172.105.246.139:40214] [client 172.105.246.139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3wiyvKPgViy9Xi3AuVr1QAAAAU"]
[Tue Nov 22 02:15:54.607057 2022] [:error] [pid 3154693] [client 172.105.246.139:40214] [client 172.105.246.139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "37-186-153-126.ip.bkom.it"] [uri "/.git/HEAD"] [unique_id "Y3wiyvKPgViy9Xi3AuVr1QAAAAU"]
[Tue Nov 22 02:16:16.852302 2022] [:error] [pid 3154695] [client 172.105.246.139:57858] [client 172.105.246.139] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "516"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/"] [unique_id "Y3wi4DEdrFxz8eJkNIkqjAAAAAo"]
[Tue Nov 22 02:32:54.045118 2022] [:error] [pid 3153445] [client 183.136.225.32:2430] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3wmxmHAyyJmQhOXpIzGMAAAAAY"]
[Tue Nov 22 02:37:09.855469 2022] [:error] [pid 3153466] [client 183.136.225.32:25234] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3wnxalxHTHnQhDDqzcDNgAAAAA"]
[Tue Nov 22 02:37:35.151865 2022] [:error] [pid 3154697] [client 183.136.225.32:59644] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3wn30@5mUzs1aW@YeIYiAAAAAw"]
[Tue Nov 22 02:38:19.927470 2022] [:error] [pid 3154688] [client 183.136.225.32:54887] [client 183.136.225.32] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/robots.txt"] [unique_id "Y3woC-o8eOP-xsiimNS-WQAAAAQ"]
[Tue Nov 22 04:48:32.535127 2022] [:error] [pid 3154699] [client 192.241.212.228:50732] [client 192.241.212.228] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3xGkP03Jh9xoxUIz9VdfQAAAAI"]
[Tue Nov 22 04:48:32.535242 2022] [:error] [pid 3154699] [client 192.241.212.228:50732] [client 192.241.212.228] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3xGkP03Jh9xoxUIz9VdfQAAAAI"]
[Tue Nov 22 04:48:32.535581 2022] [:error] [pid 3154699] [client 192.241.212.228:50732] [client 192.241.212.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3xGkP03Jh9xoxUIz9VdfQAAAAI"]
[Tue Nov 22 04:48:32.535753 2022] [:error] [pid 3154699] [client 192.241.212.228:50732] [client 192.241.212.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3xGkP03Jh9xoxUIz9VdfQAAAAI"]
[Tue Nov 22 06:23:40.728990 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 06:23:40.729159 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 06:23:40.729203 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 06:23:40.729246 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 06:23:40.729871 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 06:23:40.730050 2022] [:error] [pid 3153466] [client 185.7.214.218:60396] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3xc3KlxHTHnQhDDqzcDOgAAAAA"]
[Tue Nov 22 07:37:33.932048 2022] [:error] [pid 3154695] [client 192.241.206.36:45538] [client 192.241.206.36] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3xuLTEdrFxz8eJkNIkqkgAAAAo"]
[Tue Nov 22 07:37:33.932173 2022] [:error] [pid 3154695] [client 192.241.206.36:45538] [client 192.241.206.36] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3xuLTEdrFxz8eJkNIkqkgAAAAo"]
[Tue Nov 22 07:37:33.933009 2022] [:error] [pid 3154695] [client 192.241.206.36:45538] [client 192.241.206.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3xuLTEdrFxz8eJkNIkqkgAAAAo"]
[Tue Nov 22 07:37:33.933242 2022] [:error] [pid 3154695] [client 192.241.206.36:45538] [client 192.241.206.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y3xuLTEdrFxz8eJkNIkqkgAAAAo"]
[Tue Nov 22 09:48:11.826669 2022] [:error] [pid 3154699] [client 188.75.173.116:42095] [client 188.75.173.116] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3yMy-03Jh9xoxUIz9VdgQAAAAI"]
[Tue Nov 22 10:46:38.260913 2022] [:error] [pid 3154695] [client 40.79.246.9:61281] [client 40.79.246.9] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yafjEdrFxz8eJkNIkqlwAAAAo"]
[Tue Nov 22 10:46:38.261176 2022] [:error] [pid 3154695] [client 40.79.246.9:61281] [client 40.79.246.9] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yafjEdrFxz8eJkNIkqlwAAAAo"]
[Tue Nov 22 10:46:38.261531 2022] [:error] [pid 3154695] [client 40.79.246.9:61281] [client 40.79.246.9] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yafjEdrFxz8eJkNIkqlwAAAAo"]
[Tue Nov 22 10:46:38.261745 2022] [:error] [pid 3154695] [client 40.79.246.9:61281] [client 40.79.246.9] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yafjEdrFxz8eJkNIkqlwAAAAo"]
[Tue Nov 22 11:28:47.292819 2022] [:error] [pid 3154697] [client 109.206.243.162:42114] [client 109.206.243.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y3ykX0@5mUzs1aW@YeIYjwAAAAw"]
[Tue Nov 22 11:57:44.163630 2022] [:error] [pid 3160466] [client 213.21.147.71:59236] [client 213.21.147.71] ModSecurity: Rule 7efe3f7b0030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/catalog/product_set/save/id/4/key/b8c77bd31372aeea95bd0a6bb4a26d536c2ea18134aac0b57659ae8617608b23/"] [unique_id "Y3yrKB3PL2DSsdD4-o8TRQAAAAU"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product_set/edit/id/4/key/4dd04e3216715814a1da792f17f11ab25efa4679b9f0b7f6609f1aa990e43670/
[Tue Nov 22 11:57:59.577795 2022] [:error] [pid 3153445] [client 213.21.147.71:59248] [client 213.21.147.71] ModSecurity: Rule 7efe3f7b0030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/catalog/product_set/save/id/13/key/b8c77bd31372aeea95bd0a6bb4a26d536c2ea18134aac0b57659ae8617608b23/"] [unique_id "Y3yrN2HAyyJmQhOXpIzGdgAAAAY"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product_set/edit/id/13/key/4dd04e3216715814a1da792f17f11ab25efa4679b9f0b7f6609f1aa990e43670/
[Tue Nov 22 11:58:13.744451 2022] [:error] [pid 3154695] [client 213.21.147.71:59262] [client 213.21.147.71] ModSecurity: Rule 7efe3f7b0030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/catalog/product_set/save/id/9/key/b8c77bd31372aeea95bd0a6bb4a26d536c2ea18134aac0b57659ae8617608b23/"] [unique_id "Y3yrRTEdrFxz8eJkNIkqqwAAAAo"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product_set/edit/id/9/key/4dd04e3216715814a1da792f17f11ab25efa4679b9f0b7f6609f1aa990e43670/
[Tue Nov 22 12:16:10.938697 2022] [:error] [pid 3160466] [client 184.105.247.235:40321] [client 184.105.247.235] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3yveh3PL2DSsdD4-o8TSAAAAAU"]
[Tue Nov 22 12:27:33.562714 2022] [:error] [pid 2033] [client 184.105.247.235:55623] [client 184.105.247.235] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/favicon.ico"] [unique_id "Y3yyJb7wP1tj5ERvG6CpMgAAAAU"]
[Tue Nov 22 12:33:00.907130 2022] [:error] [pid 1199] [client 184.105.247.251:11871] [client 184.105.247.251] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3yzbN0mgBpkTEOIysMYWAAAAAA"]
[Tue Nov 22 12:34:15.885214 2022] [:error] [pid 1207] [client 184.105.247.244:21779] [client 184.105.247.244] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yzt6C6vpITz3MLkmtLQQAAAAQ"]
[Tue Nov 22 12:34:15.885419 2022] [:error] [pid 1207] [client 184.105.247.244:21779] [client 184.105.247.244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yzt6C6vpITz3MLkmtLQQAAAAQ"]
[Tue Nov 22 12:34:15.887048 2022] [:error] [pid 1207] [client 184.105.247.244:21779] [client 184.105.247.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yzt6C6vpITz3MLkmtLQQAAAAQ"]
[Tue Nov 22 12:34:15.887260 2022] [:error] [pid 1207] [client 184.105.247.244:21779] [client 184.105.247.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.git/config"] [unique_id "Y3yzt6C6vpITz3MLkmtLQQAAAAQ"]
[Tue Nov 22 16:58:10.149208 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 16:58:10.149364 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 16:58:10.149421 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 16:58:10.149456 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 16:58:10.149966 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 16:58:10.150155 2022] [:error] [pid 4785] [client 185.7.214.218:44844] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3zxktxZFkcbhvLkd8o5DgAAAAU"]
[Tue Nov 22 17:39:36.316500 2022] [:error] [pid 4779] [client 51.159.99.253:50486] [client 51.159.99.253] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y3z7SHZUGAESB347cO-KpgAAAAI"]
[Tue Nov 22 19:03:16.906656 2022] [:error] [pid 4785] [client 130.211.54.158:57892] [client 130.211.54.158] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y30O5NxZFkcbhvLkd8o5JgAAAAU"]
[Tue Nov 22 19:29:20.385879 2022] [:error] [pid 4781] [client 185.234.75.144:41260] [client 185.234.75.144] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y30VABMWfoYa7T-XEvlKsAAAAAQ"]
[Tue Nov 22 19:30:51.847477 2022] [:error] [pid 4785] [client 128.14.141.34:45626] [client 128.14.141.34] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y30VW9xZFkcbhvLkd8o5JwAAAAU"]
[Tue Nov 22 21:44:52.436697 2022] [:error] [pid 4777] [client 128.14.134.170:44608] [client 128.14.134.170] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/admin/"] [unique_id "Y300xO5mGLcHJWMMnhI@WQAAAAA"]
[Tue Nov 22 23:12:54.098299 2022] [:error] [pid 4777] [client 146.190.233.241:43142] [client 146.190.233.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31JZu5mGLcHJWMMnhI@WgAAAAA"]
[Tue Nov 22 23:12:54.230197 2022] [:error] [pid 4794] [client 146.190.233.241:43236] [client 146.190.233.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31JZiFXLELr--fpAmde9wAAAAo"]
[Tue Nov 22 23:12:54.356212 2022] [:error] [pid 4779] [client 146.190.233.241:43288] [client 146.190.233.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31JZnZUGAESB347cO-KqwAAAAI"]
[Tue Nov 22 23:12:54.476163 2022] [:error] [pid 4793] [client 146.190.233.241:43322] [client 146.190.233.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31JZpAQPtN-djOhzMcNRQAAAAk"]
[Tue Nov 22 23:12:54.599965 2022] [:error] [pid 4788] [client 146.190.233.241:43344] [client 146.190.233.241] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31JZomn7JMAsxPofw4LdAAAAAc"]
[Tue Nov 22 23:46:53.071816 2022] [:error] [pid 4779] [client 103.133.105.200:50314] [client 103.133.105.200] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31RXXZUGAESB347cO-KrAAAAAI"]
[Tue Nov 22 23:46:53.072028 2022] [:error] [pid 4779] [client 103.133.105.200:50314] [client 103.133.105.200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31RXXZUGAESB347cO-KrAAAAAI"]
[Tue Nov 22 23:46:53.072274 2022] [:error] [pid 4779] [client 103.133.105.200:50314] [client 103.133.105.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31RXXZUGAESB347cO-KrAAAAAI"]
[Tue Nov 22 23:46:53.072429 2022] [:error] [pid 4779] [client 103.133.105.200:50314] [client 103.133.105.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31RXXZUGAESB347cO-KrAAAAAI"]
[Tue Nov 22 23:46:54.589827 2022] [:error] [pid 4793] [client 103.133.105.200:50465] [client 103.133.105.200] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31RXpAQPtN-djOhzMcNRgAAAAk"]
[Tue Nov 22 23:56:28.564051 2022] [:error] [pid 4785] [client 192.241.206.185:39758] [client 192.241.206.185] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y31TnNxZFkcbhvLkd8o5KwAAAAU"]
[Tue Nov 22 23:56:28.564168 2022] [:error] [pid 4785] [client 192.241.206.185:39758] [client 192.241.206.185] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y31TnNxZFkcbhvLkd8o5KwAAAAU"]
[Tue Nov 22 23:56:28.564499 2022] [:error] [pid 4785] [client 192.241.206.185:39758] [client 192.241.206.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y31TnNxZFkcbhvLkd8o5KwAAAAU"]
[Tue Nov 22 23:56:28.564672 2022] [:error] [pid 4785] [client 192.241.206.185:39758] [client 192.241.206.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/actuator/health"] [unique_id "Y31TnNxZFkcbhvLkd8o5KwAAAAU"]
[Wed Nov 23 00:34:12.677894 2022] [:error] [pid 9557] [client 107.189.4.96:55927] [client 107.189.4.96] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31cdDy@VPDZfe2ldEwAYAAAAAY"]
[Wed Nov 23 00:40:22.510412 2022] [:error] [pid 9520] [client 94.102.61.8:54208] [client 94.102.61.8] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y31d5nicLJCi4aLXEsZckwAAAAQ"]
[Wed Nov 23 00:56:04.244227 2022] [:error] [pid 9520] [client 109.237.98.226:59464] [client 109.237.98.226] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31hlHicLJCi4aLXEsZclAAAAAQ"]
[Wed Nov 23 00:56:04.244459 2022] [:error] [pid 9520] [client 109.237.98.226:59464] [client 109.237.98.226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31hlHicLJCi4aLXEsZclAAAAAQ"]
[Wed Nov 23 00:56:04.244724 2022] [:error] [pid 9520] [client 109.237.98.226:59464] [client 109.237.98.226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31hlHicLJCi4aLXEsZclAAAAAQ"]
[Wed Nov 23 00:56:04.244896 2022] [:error] [pid 9520] [client 109.237.98.226:59464] [client 109.237.98.226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/.env"] [unique_id "Y31hlHicLJCi4aLXEsZclAAAAAQ"]
[Wed Nov 23 02:23:53.126695 2022] [:error] [pid 9518] [client 45.83.65.188:12310] [client 45.83.65.188] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y312KQesG-RfieO6q-XssQAAAAI"]
[Wed Nov 23 02:52:44.129266 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 02:52:44.129437 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 02:52:44.129484 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 02:52:44.129519 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 02:52:44.130225 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 02:52:44.130398 2022] [:error] [pid 9516] [client 185.7.214.218:36308] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y3187FqN2crcMt059Pu7dwAAAAA"]
[Wed Nov 23 03:36:28.675871 2022] [:error] [pid 9517] [client 154.89.5.107:51460] [client 154.89.5.107] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32HLEKCUilmOBe248hsFgAAAAE"]
[Wed Nov 23 03:36:36.905949 2022] [:error] [pid 9522] [client 154.89.5.103:40836] [client 154.89.5.103] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32HNHnfD7QN1cAGznQ3ZwAAAAU"]
[Wed Nov 23 03:56:42.113887 2022] [:error] [pid 9516] [client 51.77.247.119:44450] [client 51.77.247.119] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/phpinfo"] [unique_id "Y32L6lqN2crcMt059Pu7eQAAAAA"]
[Wed Nov 23 04:48:32.915371 2022] [:error] [pid 9516] [client 198.199.95.154:49612] [client 198.199.95.154] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32YEFqN2crcMt059Pu7egAAAAA"]
[Wed Nov 23 04:48:32.915490 2022] [:error] [pid 9516] [client 198.199.95.154:49612] [client 198.199.95.154] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32YEFqN2crcMt059Pu7egAAAAA"]
[Wed Nov 23 04:48:32.915836 2022] [:error] [pid 9516] [client 198.199.95.154:49612] [client 198.199.95.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32YEFqN2crcMt059Pu7egAAAAA"]
[Wed Nov 23 04:48:32.916034 2022] [:error] [pid 9516] [client 198.199.95.154:49612] [client 198.199.95.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32YEFqN2crcMt059Pu7egAAAAA"]
[Wed Nov 23 06:02:14.502110 2022] [:error] [pid 9518] [client 192.241.209.127:55902] [client 192.241.209.127] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y32pVgesG-RfieO6q-XstgAAAAI"]
[Wed Nov 23 06:02:14.502301 2022] [:error] [pid 9518] [client 192.241.209.127:55902] [client 192.241.209.127] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y32pVgesG-RfieO6q-XstgAAAAI"]
[Wed Nov 23 06:02:14.502699 2022] [:error] [pid 9518] [client 192.241.209.127:55902] [client 192.241.209.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y32pVgesG-RfieO6q-XstgAAAAI"]
[Wed Nov 23 06:02:14.502936 2022] [:error] [pid 9518] [client 192.241.209.127:55902] [client 192.241.209.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ReportServer"] [unique_id "Y32pVgesG-RfieO6q-XstgAAAAI"]
[Wed Nov 23 06:09:04.282257 2022] [:error] [pid 9516] [client 192.241.198.103:52066] [client 192.241.198.103] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y32q8FqN2crcMt059Pu7fQAAAAA"]
[Wed Nov 23 06:09:04.282423 2022] [:error] [pid 9516] [client 192.241.198.103:52066] [client 192.241.198.103] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y32q8FqN2crcMt059Pu7fQAAAAA"]
[Wed Nov 23 06:09:04.282871 2022] [:error] [pid 9516] [client 192.241.198.103:52066] [client 192.241.198.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y32q8FqN2crcMt059Pu7fQAAAAA"]
[Wed Nov 23 06:09:04.283136 2022] [:error] [pid 9516] [client 192.241.198.103:52066] [client 192.241.198.103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/login"] [unique_id "Y32q8FqN2crcMt059Pu7fQAAAAA"]
[Wed Nov 23 06:12:36.918796 2022] [:error] [pid 9522] [client 85.105.242.84:40505] [client 85.105.242.84] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y32rxHnfD7QN1cAGznQ3bQAAAAU"]
[Wed Nov 23 07:43:20.869763 2022] [:error] [pid 9516] [client 159.89.46.233:48988] [client 159.89.46.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y33BCFqN2crcMt059Pu7fwAAAAA"]
[Wed Nov 23 07:43:20.869919 2022] [:error] [pid 9516] [client 159.89.46.233:48988] [client 159.89.46.233] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y33BCFqN2crcMt059Pu7fwAAAAA"]
[Wed Nov 23 07:43:20.870277 2022] [:error] [pid 9516] [client 159.89.46.233:48988] [client 159.89.46.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y33BCFqN2crcMt059Pu7fwAAAAA"]
[Wed Nov 23 07:43:20.870461 2022] [:error] [pid 9516] [client 159.89.46.233:48988] [client 159.89.46.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/ab2g"] [unique_id "Y33BCFqN2crcMt059Pu7fwAAAAA"]
[Wed Nov 23 07:43:23.493416 2022] [:error] [pid 9517] [client 159.89.46.233:53728] [client 159.89.46.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33BC0KCUilmOBe248hsHQAAAAE"]
[Wed Nov 23 07:43:23.493514 2022] [:error] [pid 9517] [client 159.89.46.233:53728] [client 159.89.46.233] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33BC0KCUilmOBe248hsHQAAAAE"]
[Wed Nov 23 07:43:23.493812 2022] [:error] [pid 9517] [client 159.89.46.233:53728] [client 159.89.46.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33BC0KCUilmOBe248hsHQAAAAE"]
[Wed Nov 23 07:43:23.493986 2022] [:error] [pid 9517] [client 159.89.46.233:53728] [client 159.89.46.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33BC0KCUilmOBe248hsHQAAAAE"]
[Wed Nov 23 07:47:04.080657 2022] [:error] [pid 10335] [client 198.199.104.235:34526] [client 198.199.104.235] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y33B6D32I@z3pX36o8B1YwAAAAc"]
[Wed Nov 23 07:47:04.080793 2022] [:error] [pid 10335] [client 198.199.104.235:34526] [client 198.199.104.235] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y33B6D32I@z3pX36o8B1YwAAAAc"]
[Wed Nov 23 07:47:04.081436 2022] [:error] [pid 10335] [client 198.199.104.235:34526] [client 198.199.104.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y33B6D32I@z3pX36o8B1YwAAAAc"]
[Wed Nov 23 07:47:04.081614 2022] [:error] [pid 10335] [client 198.199.104.235:34526] [client 198.199.104.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/owa/auth/logon.aspx"] [unique_id "Y33B6D32I@z3pX36o8B1YwAAAAc"]
[Wed Nov 23 08:41:16.122263 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 08:41:16.122487 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 08:41:16.122572 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 08:41:16.122623 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 08:41:16.123415 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 08:41:16.123629 2022] [:error] [pid 9516] [client 185.7.214.218:59716] [client 185.7.214.218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 18, 0, 0, 0"] [tag "event-correlation"] [hostname "37.186.153.126"] [uri "/remote/fgt_lang"] [unique_id "Y33OnFqN2crcMt059Pu7gQAAAAA"]
[Wed Nov 23 09:22:48.314130 2022] [:error] [pid 9557] [client 167.94.138.62:43218] [client 167.94.138.62] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126:443"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33YWDy@VPDZfe2ldEwAfgAAAAY"]
[Wed Nov 23 09:22:48.770763 2022] [:error] [pid 14717] [client 167.94.138.62:47222] [client 167.94.138.62] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/"] [unique_id "Y33YWIXYvk7KycQ7fw8gXAAAAAk"]
[Wed Nov 23 09:23:29.747007 2022] [:error] [pid 9556] [client 79.22.176.21:52830] [client 79.22.176.21] ModSecurity: Rule 7f2cb842d030 [id "941160"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "218"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "magento.test.indacotrentino.com"] [uri "/admin_xd1yn7/mui/bookmark/save/key/4a90979abe0c0eaf323b5084a430289ddbf9898b316a2c5b93e2154f3d12e757/"] [unique_id "Y33YgVPsQ7zUlochMKKP0wAAAAM"], referer: https://magento.test.indacotrentino.com/admin_xd1yn7/catalog/product/index/key/f3970baf0a620d3c24a6e49746b34cabe153d3925135105db62ab0e54eac8759/
[Wed Nov 23 09:57:00.035035 2022] [:error] [pid 9520] [client 109.206.243.162:51128] [client 109.206.243.162] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "37.186.153.126"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "37.186.153.126"] [uri "/explore"] [unique_id "Y33gXHicLJCi4aLXEsZc5wAAAAQ"]
[Wed Nov 23 10:14:43.805355 2022] [:error] [pid 14721] [client 5.77.127.221:37597] [client 5.77.127.221] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "magento.test.indacotrentino.com"] [uri "/error.log"] [unique_id "Y33kg7eLK6f3NSFo07tEXQAAAAo"]
[Wed Nov 23 10:14:43.808045 2022] [:error] [pid 14721] [client 5.77.127.221:37597] [client 5.77.127.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "magento.test.indacotrentino.com"] [uri "/error.log"] [unique_id "Y33kg7eLK6f3NSFo07tEXQAAAAo"]
[Wed Nov 23 10:14:43.808250 2022] [:error] [pid 14721] [client 5.77.127.221:37597] [client 5.77.127.221] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "magento.test.indacotrentino.com"] [uri "/error.log"] [unique_id "Y33kg7eLK6f3NSFo07tEXQAAAAo"]