Heray-Was-Here
Server : nginx/1.30.2
System : Linux elegant-dhawan.198-71-59-75.plesk.page 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64
User : realtyna_guys ( 10000)
PHP Version : 8.2.31
Disable Function : opcache_get_status
Directory :  /var/log/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/log/modsec_audit.log
--ae23bc5d-A--
[04/Jul/2026:01:59:54.656702 +0000] akhpGq6J3KZecsCvRxJidAAAARA 130.12.180.48 54386 198.71.59.75 7080
--ae23bc5d-B--
GET /.config/gcloud/access_tokens.db HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--ae23bc5d-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--ae23bc5d-H--
Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.59.75|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.59.75|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.59.75"] [uri "/.config/gcloud/access_tokens.db"] [unique_id "akhpGq6J3KZecsCvRxJidAAAARA"]
Action: Intercepted (phase 2)
Stopwatch: 1783130394654631 2108 (- - -)
Stopwatch2: 1783130394654631 2108; combined=732, p1=376, p2=277, p3=0, p4=0, p5=78, sr=93, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--ae23bc5d-Z--

--6e04321a-A--
[04/Jul/2026:01:59:55.002835 +0000] akhpGyTdPRYqvh-_TrDfDAAAANc 130.12.180.48 54402 198.71.59.75 7080
--6e04321a-B--
GET /.config/gcloud/credentials.db HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--6e04321a-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--6e04321a-H--
Message: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.59.75|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||198.71.59.75|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "198.71.59.75"] [uri "/.config/gcloud/credentials.db"] [unique_id "akhpGyTdPRYqvh-_TrDfDAAAANc"]
Action: Intercepted (phase 2)
Stopwatch: 1783130395000658 2211 (- - -)
Stopwatch2: 1783130395000658 2211; combined=999, p1=668, p2=264, p3=0, p4=0, p5=66, sr=223, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--6e04321a-Z--

--3d3dc532-A--
[04/Jul/2026:01:59:55.721979 +0000] akhpGyTdPRYqvh-_TrDfDgAAAMM 130.12.180.48 54436 198.71.59.75 7080
--3d3dc532-B--
GET /.env HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--3d3dc532-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--3d3dc532-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.59.75"] [uri "/.env"] [unique_id "akhpGyTdPRYqvh-_TrDfDgAAAMM"]
Action: Intercepted (phase 1)
Stopwatch: 1783130395721456 556 (- - -)
Stopwatch2: 1783130395721456 556; combined=256, p1=194, p2=0, p3=0, p4=0, p5=62, sr=78, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--3d3dc532-Z--

--d82f4a66-A--
[04/Jul/2026:01:59:55.813267 +0000] akhpGyTdPRYqvh-_TrDfDwAAAMI 130.12.180.48 54448 198.71.59.75 7080
--d82f4a66-B--
GET /.env_sample HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--d82f4a66-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--d82f4a66-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.59.75"] [uri "/.env_sample"] [unique_id "akhpGyTdPRYqvh-_TrDfDwAAAMI"]
Action: Intercepted (phase 1)
Stopwatch: 1783130395812549 759 (- - -)
Stopwatch2: 1783130395812549 759; combined=357, p1=278, p2=0, p3=0, p4=0, p5=78, sr=120, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--d82f4a66-Z--

--c9f41c56-A--
[04/Jul/2026:01:59:56.236328 +0000] akhpHCTdPRYqvh-_TrDfEAAAAMc 130.12.180.48 54454 198.71.59.75 7080
--c9f41c56-B--
GET /.env.backup HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--c9f41c56-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--c9f41c56-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.59.75"] [uri "/.env.backup"] [unique_id "akhpHCTdPRYqvh-_TrDfEAAAAMc"]
Action: Intercepted (phase 1)
Stopwatch: 1783130396235760 602 (- - -)
Stopwatch2: 1783130396235760 602; combined=281, p1=213, p2=0, p3=0, p4=0, p5=68, sr=89, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--c9f41c56-Z--

--25638678-A--
[04/Jul/2026:01:59:56.327565 +0000] akhpHK6J3KZecsCvRxJieQAAARc 130.12.180.48 54468 198.71.59.75 7080
--25638678-B--
GET /.env.bak HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 130.12.180.48
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: identity

--25638678-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--25638678-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "198.71.59.75"] [uri "/.env.bak"] [unique_id "akhpHK6J3KZecsCvRxJieQAAARc"]
Action: Intercepted (phase 1)
Stopwatch: 1783130396326963 658 (- - -)
Stopwatch2: 1783130396326963 658; combined=317, p1=245, p2=0, p3=0, p4=0, p5=72, sr=99, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--25638678-Z--

--7db28c1e-A--
[04/Jul/2026:02:17:23.681253 +0000] akhtM66J3KZecsCvRxJjNwAAAQM 104.238.222.26 60382 198.71.59.75 7081
--7db28c1e-B--
GET /wp-json/wp/v2/users HTTP/1.1
Host: www.sumnerd.com
X-Real-IP: 104.238.222.26
X-Accel-Internal: /internal-nginx-static-location
User-Agent: Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9,fr;q=0.8
DNT: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: wordpress_test_cookie=WP%20Cookie%20check

--7db28c1e-F--
HTTP/1.1 403 Forbidden
Last-Modified: Fri, 16 Feb 2024 19:55:49 GMT
ETag: "31b-61185216ad36c"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--7db28c1e-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sumnerd.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sumnerd.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sumnerd.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akhtM66J3KZecsCvRxJjNwAAAQM"]
Action: Intercepted (phase 2)
Stopwatch: 1783131443678864 2471 (- - -)
Stopwatch2: 1783131443678864 2471; combined=1018, p1=288, p2=654, p3=0, p4=0, p5=75, sr=73, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--7db28c1e-Z--

--267e0c2a-A--
[04/Jul/2026:04:29:26.569354 +0000] akiMJiTdPRYqvh-_TrDjHQAAAMs 184.154.139.43 34500 198.71.59.75 7081
--267e0c2a-B--
GET /properties/?=Search&sf3_locationtextsearch=1&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260&IchY=8340%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--267e0c2a-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--267e0c2a-H--
Message: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.agenttango.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260&IchY=8340%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.agenttango.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260&IchY=8340%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiMJiTdPRYqvh-_TrDjHQAAAMs"]
Action: Intercepted (phase 2)
Stopwatch: 1783139366567022 2390 (- - -)
Stopwatch2: 1783139366567022 2390; combined=626, p1=322, p2=225, p3=0, p4=0, p5=79, sr=70, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--267e0c2a-Z--

--27066877-A--
[04/Jul/2026:04:32:30.633492 +0000] akiM3iTdPRYqvh-_TrDjNwAAANA 184.154.139.43 48096 198.71.59.75 7081
--27066877-B--
GET /properties/?=Search&sf3_locationtextsearch=1%29%3BSELECT%20PG_SLEEP%285%29--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--27066877-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--27066877-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\s*?pg_sleep)|(?:waitfor\\s*?delay\\s?[\\x22'`]+\\s?\\d)|(?:;\\s*?shutdown\\s*?(?:;|--|#|\\/\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1);SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\\\\\\\s*?pg_sleep)|(?:waitfor\\\\\\\\s*?delay\\\\\\\\s?[\\\\\\\\x22'`]+\\\\\\\\s?\\\\\\\\d)|(?:;\\\\\\\\s*?shutdown\\\\\\\\s*?(?:;|--|#|\\\\\\\\/\\\\\\\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1);SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3iTdPRYqvh-_TrDjNwAAANA"]
Action: Intercepted (phase 2)
Stopwatch: 1783139550630321 3213 (- - -)
Stopwatch2: 1783139550630321 3213; combined=1938, p1=362, p2=1513, p3=0, p4=0, p5=63, sr=99, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--27066877-Z--

--8f20d840-A--
[04/Jul/2026:04:32:30.706977 +0000] akiM3iTdPRYqvh-_TrDjOAAAANU 184.154.139.43 48112 198.71.59.75 7081
--8f20d840-B--
GET /properties/?=Search&sf3_locationtextsearch=1%3BSELECT%20PG_SLEEP%285%29--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--8f20d840-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--8f20d840-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\s*?pg_sleep)|(?:waitfor\\s*?delay\\s?[\\x22'`]+\\s?\\d)|(?:;\\s*?shutdown\\s*?(?:;|--|#|\\/\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1;SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\\\\\\\s*?pg_sleep)|(?:waitfor\\\\\\\\s*?delay\\\\\\\\s?[\\\\\\\\x22'`]+\\\\\\\\s?\\\\\\\\d)|(?:;\\\\\\\\s*?shutdown\\\\\\\\s*?(?:;|--|#|\\\\\\\\/\\\\\\\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1;SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3iTdPRYqvh-_TrDjOAAAANU"]
Action: Intercepted (phase 2)
Stopwatch: 1783139550703859 3158 (- - -)
Stopwatch2: 1783139550703859 3158; combined=1879, p1=334, p2=1480, p3=0, p4=0, p5=65, sr=86, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--8f20d840-Z--

--f037d066-A--
[04/Jul/2026:04:32:30.780611 +0000] akiM3iTdPRYqvh-_TrDjOQAAAMM 184.154.139.43 52398 198.71.59.75 7081
--f037d066-B--
GET /properties/?=Search&sf3_locationtextsearch=1%27%29%3BSELECT%20PG_SLEEP%285%29--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--f037d066-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--f037d066-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\s*?pg_sleep)|(?:waitfor\\s*?delay\\s?[\\x22'`]+\\s?\\d)|(?:;\\s*?shutdown\\s*?(?:;|--|#|\\/\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1');SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\\\\\\\s*?pg_sleep)|(?:waitfor\\\\\\\\s*?delay\\\\\\\\s?[\\\\\\\\x22'`]+\\\\\\\\s?\\\\\\\\d)|(?:;\\\\\\\\s*?shutdown\\\\\\\\s*?(?:;|--|#|\\\\\\\\/\\\\\\\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1');SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3iTdPRYqvh-_TrDjOQAAAMM"]
Action: Intercepted (phase 2)
Stopwatch: 1783139550776638 4044 (- - -)
Stopwatch2: 1783139550776638 4044; combined=2573, p1=436, p2=2063, p3=0, p4=0, p5=73, sr=89, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--f037d066-Z--

--65aa9d69-A--
[04/Jul/2026:04:32:30.855192 +0000] akiM3q6J3KZecsCvRxJoAgAAAQ8 184.154.139.43 52402 198.71.59.75 7081
--65aa9d69-B--
GET /properties/?=Search&sf3_locationtextsearch=1%27%3BSELECT%20PG_SLEEP%285%29--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--65aa9d69-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--65aa9d69-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\s*?pg_sleep)|(?:waitfor\\s*?delay\\s?[\\x22'`]+\\s?\\d)|(?:;\\s*?shutdown\\s*?(?:;|--|#|\\/\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1';SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:select\\\\\\\\s*?pg_sleep)|(?:waitfor\\\\\\\\s*?delay\\\\\\\\s?[\\\\\\\\x22'`]+\\\\\\\\s?\\\\\\\\d)|(?:;\\\\\\\\s*?shutdown\\\\\\\\s*?(?:;|--|#|\\\\\\\\/\\\\\\\\*|{)))" at MATCHED_VAR. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "50"] [id "211750"] [rev "4"] [msg "COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||www.agenttango.com|F|2"] [data "Matched Data: 1';SELECT PG_SLEEP(5)-- found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3q6J3KZecsCvRxJoAgAAAQ8"]
Action: Intercepted (phase 2)
Stopwatch: 1783139550851257 3997 (- - -)
Stopwatch2: 1783139550851257 3997; combined=2489, p1=384, p2=2032, p3=0, p4=0, p5=73, sr=86, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--65aa9d69-Z--

--df00a831-A--
[04/Jul/2026:04:32:30.931286 +0000] akiM3iTdPRYqvh-_TrDjOgAAAMk 184.154.139.43 52410 198.71.59.75 7081
--df00a831-B--
GET /properties/?=Search&sf3_locationtextsearch=1%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--df00a831-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--df00a831-H--
Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3iTdPRYqvh-_TrDjOgAAAMk"]
Action: Intercepted (phase 2)
Stopwatch: 1783139550927354 4001 (- - -)
Stopwatch2: 1783139550927354 4001; combined=2478, p1=449, p2=1949, p3=0, p4=0, p5=79, sr=101, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--df00a831-Z--

--e21ef614-A--
[04/Jul/2026:04:32:31.005295 +0000] akiM3yTdPRYqvh-_TrDjOwAAAMQ 184.154.139.43 52412 198.71.59.75 7081
--e21ef614-B--
GET /properties/?=Search&sf3_locationtextsearch=1%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--e21ef614-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--e21ef614-H--
Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM3yTdPRYqvh-_TrDjOwAAAMQ"]
Action: Intercepted (phase 2)
Stopwatch: 1783139551001502 3875 (- - -)
Stopwatch2: 1783139551001502 3875; combined=2312, p1=437, p2=1785, p3=0, p4=0, p5=89, sr=99, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--e21ef614-Z--

--17882262-A--
[04/Jul/2026:04:32:31.082615 +0000] akiM366J3KZecsCvRxJoAwAAAQU 184.154.139.43 52414 198.71.59.75 7081
--17882262-B--
GET /properties/?=Search&sf3_locationtextsearch=1%27%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--17882262-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--17882262-H--
Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%27%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%27%29%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM366J3KZecsCvRxJoAwAAAQU"]
Action: Intercepted (phase 2)
Stopwatch: 1783139551079308 3348 (- - -)
Stopwatch2: 1783139551079308 3348; combined=2050, p1=384, p2=1602, p3=0, p4=0, p5=63, sr=89, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--17882262-Z--

--8dee9f29-A--
[04/Jul/2026:04:32:31.153036 +0000] akiM366J3KZecsCvRxJoBAAAARc 184.154.139.43 52422 198.71.59.75 7081
--8dee9f29-B--
GET /properties/?=Search&sf3_locationtextsearch=1%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260 HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 184.154.139.43
X-Accel-Internal: /internal-nginx-static-location
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
User-Agent: SiteLockSpider
Cookie: PHPSESSID=qg44eljk3t1i5r5e0qummo2999
Accept-Encoding: gzip,deflate

--8dee9f29-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--8dee9f29-H--
Message: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||www.agenttango.com|F|2"] [data "Matched Data: WAITFOR DELAY found within REQUEST_URI: /properties/?=Search&sf3_locationtextsearch=1%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27--&sf3_max_price=999999999999&sf3_min_price=1&sf3_select_field_3115=1&sf3_tmin_bathrooms=-1&sf3_tmin_bedrooms=-1&sf3_unit_price=260"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.agenttango.com"] [uri "/properties/"] [unique_id "akiM366J3KZecsCvRxJoBAAAARc"]
Action: Intercepted (phase 2)
Stopwatch: 1783139551150026 3059 (- - -)
Stopwatch2: 1783139551150026 3059; combined=1893, p1=307, p2=1527, p3=0, p4=0, p5=59, sr=70, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--8dee9f29-Z--

--fe04397f-A--
[04/Jul/2026:08:04:42.091864 +0000] aki-miTdPRYqvh-_TrDlowAAANE 168.144.102.43 39700 198.71.59.75 7081
--fe04397f-B--
GET /sftp-config.json HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 168.144.102.43
X-Accel-Internal: /internal-nginx-static-location
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

--fe04397f-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--fe04397f-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.agenttango.com"] [uri "/sftp-config.json"] [unique_id "aki-miTdPRYqvh-_TrDlowAAANE"]
Action: Intercepted (phase 1)
Stopwatch: 1783152282091031 885 (- - -)
Stopwatch2: 1783152282091031 885; combined=284, p1=210, p2=0, p3=0, p4=0, p5=74, sr=75, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--fe04397f-Z--

--f6dcaa6f-A--
[04/Jul/2026:09:45:32.467802 +0000] akjWPCTdPRYqvh-_TrDmeAAAAMg 84.17.43.206 45970 198.71.59.75 7081
--f6dcaa6f-B--
GET //wp-json/wp/v2/users/ HTTP/1.1
Host: tipterrorism.com
X-Real-IP: 84.17.43.206
X-Accel-Internal: /internal-nginx-static-location
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

--f6dcaa6f-F--
HTTP/1.1 403 Forbidden
Last-Modified: Fri, 09 Feb 2024 16:59:20 GMT
ETag: "31b-610f5d9631bb3"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--f6dcaa6f-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tipterrorism.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tipterrorism.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tipterrorism.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akjWPCTdPRYqvh-_TrDmeAAAAMg"]
Action: Intercepted (phase 2)
Stopwatch: 1783158332464753 3083 (- - -)
Stopwatch2: 1783158332464753 3083; combined=852, p1=342, p2=450, p3=0, p4=0, p5=59, sr=68, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--f6dcaa6f-Z--

--e3aac606-A--
[04/Jul/2026:12:11:24.122896 +0000] akj4bCTdPRYqvh-_TrDo1AAAAM4 51.68.171.141 58166 198.71.59.75 7081
--e3aac606-B--
GET /wp-content/plugins/cidaas-pro-master/composer.json HTTP/1.1
Host: tipterrorism.com
X-Real-IP: 51.68.171.141
X-Accel-Internal: /internal-nginx-static-location
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36
accept: */*

--e3aac606-F--
HTTP/1.1 403 Forbidden
Last-Modified: Fri, 09 Feb 2024 16:59:20 GMT
ETag: "31b-610f5d9631bb3"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--e3aac606-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tipterrorism.com"] [uri "/wp-content/plugins/cidaas-pro-master/composer.json"] [unique_id "akj4bCTdPRYqvh-_TrDo1AAAAM4"]
Action: Intercepted (phase 1)
Stopwatch: 1783167084122320 933 (- - -)
Stopwatch2: 1783167084122320 933; combined=242, p1=183, p2=0, p3=0, p4=0, p5=58, sr=71, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--e3aac606-Z--

--8813163e-A--
[04/Jul/2026:12:16:19.972541 +0000] akj5kyTdPRYqvh-_TrDo5gAAAM8 13.140.137.189 52270 198.71.59.75 7080
--8813163e-B--
POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 13.140.137.189
Content-Length: 245
Upgrade-Insecure-Requests: 1
Accept: */*
User-Agent: libredtail-http
Content-Type: application/x-www-form-urlencoded

--8813163e-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--8813163e-E--

--8813163e-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||198.71.59.75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||198.71.59.75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "198.71.59.75"] [uri "/hello.world"] [unique_id "akj5kyTdPRYqvh-_TrDo5gAAAM8"]
Action: Intercepted (phase 2)
Stopwatch: 1783167379969969 2618 (- - -)
Stopwatch2: 1783167379969969 2618; combined=1126, p1=398, p2=654, p3=0, p4=0, p5=74, sr=95, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--8813163e-Z--

--1681d802-A--
[04/Jul/2026:12:16:20.690704 +0000] akj5lCTdPRYqvh-_TrDo5wAAAMg 13.140.137.189 52276 198.71.59.75 7080
--1681d802-B--
POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1
Host: 198.71.59.75
X-Real-IP: 13.140.137.189
Content-Length: 245
Upgrade-Insecure-Requests: 1
Accept: */*
User-Agent: libredtail-http
Content-Type: application/x-www-form-urlencoded

--1681d802-F--
HTTP/1.1 403 Forbidden
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

--1681d802-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache Server at 198.71.59.75 Port 80</address>
</body></html>

--1681d802-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd allow_url_include=1 \xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||198.71.59.75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\x5cxadd allow_url_include=1 \x5cxadd auto_prepend_file=php://input: \xadd allow_url_include=1 \xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/modsecurity.d/rules/comodo_free/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||198.71.59.75|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\\\x5cxadd allow_url_include=1 \\\\x5cxadd auto_prepend_file=php://input: \\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "198.71.59.75"] [uri "/"] [unique_id "akj5lCTdPRYqvh-_TrDo5wAAAMg"]
Action: Intercepted (phase 2)
Stopwatch: 1783167380687685 3074 (- - -)
Stopwatch2: 1783167380687685 3074; combined=1641, p1=556, p2=1000, p3=0, p4=0, p5=85, sr=140, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--1681d802-Z--

--5779bf02-A--
[04/Jul/2026:12:50:33.781988 +0000] akkBma6J3KZecsCvRxJwIQAAAQg 109.70.100.4 39474 198.71.59.75 7081
--5779bf02-B--
GET /.git/config HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 109.70.100.4
X-Accel-Internal: /internal-nginx-static-location
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

--5779bf02-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--5779bf02-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.agenttango.com"] [uri "/.git/config"] [unique_id "akkBma6J3KZecsCvRxJwIQAAAQg"]
Action: Intercepted (phase 1)
Stopwatch: 1783169433781203 841 (- - -)
Stopwatch2: 1783169433781203 841; combined=354, p1=270, p2=0, p3=0, p4=0, p5=84, sr=93, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--5779bf02-Z--

--7cf5e54a-A--
[04/Jul/2026:12:50:37.840549 +0000] akkBna6J3KZecsCvRxJwIgAAAQc 109.70.100.2 39480 198.71.59.75 7081
--7cf5e54a-B--
GET /.git/config HTTP/1.1
Host: www.agenttango.com
X-Real-IP: 109.70.100.2
X-Accel-Internal: /internal-nginx-static-location
User-Agent: Go-http-client/1.1
Referer: http://www.agenttango.com/.git/config
Accept-Encoding: gzip

--7cf5e54a-F--
HTTP/1.1 403 Forbidden
Last-Modified: Wed, 06 Sep 2023 17:43:33 GMT
ETag: "31b-604b44842e55e"
Accept-Ranges: bytes
Content-Length: 795
Content-Type: text/html

--7cf5e54a-H--
Message: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 286] [level 3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.agenttango.com"] [uri "/.git/config"] [unique_id "akkBna6J3KZecsCvRxJwIgAAAQc"]
Action: Intercepted (phase 1)
Stopwatch: 1783169437840003 584 (- - -)
Stopwatch2: 1783169437840003 584; combined=237, p1=183, p2=0, p3=0, p4=0, p5=53, sr=66, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--7cf5e54a-Z--


Hry